Home

CVE-2017-8632

Description

A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka Microsoft Office Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
19.049

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB4011064)Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2010 (KB4011061) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2010 (KB4011061) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB4011050) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB4011050) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB4011108) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB4011108) 32-Bit EditionWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-23167Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011064)
PATCH-23154Security Update for Microsoft Excel 2010 (KB4011061) 64-Bit Edition
PATCH-23153Security Update for Microsoft Excel 2010 (KB4011061) 32-Bit Edition
PATCH-23138Security Update for Microsoft Excel 2016 (KB4011050) 64-Bit Edition
PATCH-23137Security Update for Microsoft Excel 2016 (KB4011050) 32-Bit Edition
PATCH-23145Security Update for Microsoft Excel 2013 (KB4011108) 64-Bit Edition
PATCH-23144Security Update for Microsoft Excel 2013 (KB4011108) 32-Bit Edition

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234