Home

CVE-2017-8631

Description

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka Microsoft Office Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
21.403

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Remote Code Execution Vulnerability for Microsoft SharePoint Server 2010 (KB4011056)Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB4011064)Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2010 (KB4011061) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2010 (KB4011061) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB4011050) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB4011050) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office Excel Viewer 2007 (KB4011065)Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB4011108) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB4011108) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office Excel 2007 (KB4011062)Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office Web Apps Server 2013 (KB3213562)Windows
Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft Office Online Server (KB3213658)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-23167Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011064)
PATCH-23154Security Update for Microsoft Excel 2010 (KB4011061) 64-Bit Edition
PATCH-23153Security Update for Microsoft Excel 2010 (KB4011061) 32-Bit Edition
PATCH-23138Security Update for Microsoft Excel 2016 (KB4011050) 64-Bit Edition
PATCH-23137Security Update for Microsoft Excel 2016 (KB4011050) 32-Bit Edition
PATCH-23166Security Update for Microsoft Office Excel Viewer 2007 (KB4011065)
PATCH-23145Security Update for Microsoft Excel 2013 (KB4011108) 64-Bit Edition
PATCH-23144Security Update for Microsoft Excel 2013 (KB4011108) 32-Bit Edition
PATCH-23165Security Update for Microsoft Office Excel 2007 (KB4011062)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234