CVE-2017-0020
Description
Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka Microsoft Office Memory Corruption Vulnerability. This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
21.743
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB3178677) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office Excel Viewer 2007 (KB3178680) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office Excel 2007 (KB3178676) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office 2010 (KB3178686) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office 2010 (KB3178686) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Word Viewer (KB3178694) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Word 2016 (KB3178674) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Word 2016 (KB3178674) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office Word 2007 (KB3178683) | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Word 2013 (KB3172464) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Word 2013 (KB3172464) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Word 2010 (KB3178687) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2010 (KB3178690) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2010 (KB3178690) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2016 (KB3178673) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2016 (KB3178673) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2013 (KB3172542) 64-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Excel 2013 (KB3172542) 32-Bit Edition | Windows |
| Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft Office Web Apps Server 2013 (KB3172457) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-22024 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3178677) |
| PATCH-22025 | Security Update for Microsoft Office Excel Viewer 2007 (KB3178680) |
| PATCH-22010 | Security Update for Microsoft Office Excel 2007 (KB3178676) |
| PATCH-22011 | Security Update for Microsoft Office 2010 (KB3178686) 64-Bit Edition |
| PATCH-22012 | Security Update for Microsoft Office 2010 (KB3178686) 32-Bit Edition |
| PATCH-22026 | Security Update for Word Viewer (KB3178694) |
| PATCH-22137 | Security Update for Microsoft Office Word 2007 (KB3178683) |
| PATCH-22019 | Security Update for Microsoft Word 2013 (KB3172464) 64-Bit Edition |
| PATCH-22018 | Security Update for Microsoft Word 2013 (KB3172464) 32-Bit Edition |
| PATCH-22015 | Security Update for Microsoft Word 2010 (KB3178687) 32-Bit Edition |
| PATCH-22014 | Security Update for Microsoft Excel 2010 (KB3178690) 64-Bit Edition |
| PATCH-22013 | Security Update for Microsoft Excel 2010 (KB3178690) 32-Bit Edition |
| PATCH-22021 | Security Update for Microsoft Excel 2016 (KB3178673) 64-Bit Edition |
| PATCH-22020 | Security Update for Microsoft Excel 2016 (KB3178673) 32-Bit Edition |
| PATCH-22017 | Security Update for Microsoft Excel 2013 (KB3172542) 64-Bit Edition |
| PATCH-22016 | Security Update for Microsoft Excel 2013 (KB3172542) 32-Bit Edition |
| PATCH-22136 | Security Update for Microsoft Office Web Apps Server 2013 (KB3172457) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234