Home

CVE-2017-0261

Description

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
92.942

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2010 (KB3118310) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2010 (KB3118310) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2013 (KB3172458) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2013 (KB3172458) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2016 (KB3114375) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2016 (KB3114375) 64-Bit EditionWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-22436Security Update for Microsoft Office 2010 (KB3118310) 32-Bit Edition
PATCH-22437Security Update for Microsoft Office 2010 (KB3118310) 64-Bit Edition
PATCH-22438Security Update for Microsoft Office 2013 (KB3172458) 32-Bit Edition
PATCH-22439Security Update for Microsoft Office 2013 (KB3172458) 64-Bit Edition
PATCH-22440Security Update for Microsoft Office 2016 (KB3114375) 32-Bit Edition
PATCH-22441Security Update for Microsoft Office 2016 (KB3114375) 64-Bit Edition

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234