Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0261: Microsoft Office Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft CVE-2017-0261: Microsoft Office Remote Code Execution Vulnerability



A remote code execution vulnerability exists in Microsoft Office that could be exploited when a user opens a file containing a malformed graphics image or when a user inserts a malformed graphics image into an Office file. Such a file could also be included in an email attachment. An attacker could exploit the vulnerability by constructing a specially crafted EPS file that could allow remote code execution. An attacker who successfully exploited this vulnerability could take control of the affected system. This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker could host a specially crafted website containing an Office file that is designed to exploit the vulnerability, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email. Workstations and terminal servers that have Microsoft Office installed are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this. When this fix is published, Microsoft had received reports of limited targeted attacks using this vulnerability.


  • msft-kb3118310-9895044d-5aae-4c7e-9ebc-b528f5b4e921
  • msft-kb3118310-c59a1bb2-ff1f-427a-a8d7-2cab1cb3e7d1
  • msft-kb3172458-2ac0441f-fd6e-4995-9cae-5d00e780bc26
  • msft-kb3172458-acda7fbb-9ac2-4abe-9323-c1c95e4a909a

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center