CVE-2017-8742
Description
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka PowerPoint Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2017-8743.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
36.52
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB3213644) | Windows |
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft PowerPoint 2016 (KB4011041) 64-Bit Edition | Windows |
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft PowerPoint 2016 (KB4011041) 32-Bit Edition | Windows |
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft PowerPoint 2010 (KB3128027) 32-Bit Edition | Windows |
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft PowerPoint 2010 (KB3128027) 64-Bit Edition | Windows |
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft PowerPoint Viewer 2010 (KB3128030) 32-Bit Edition | Windows |
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft Office PowerPoint 2007 (KB3213642) | Windows |
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB4011127) | Windows |
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB3213560) | Windows |
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft PowerPoint 2013 (KB4011069) 32-Bit Edition | Windows |
| Microsoft PowerPoint Remote Code Exectuion Vulnerability for Microsoft PowerPoint 2013 (KB4011069) 64-Bit Edition | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-23108 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3213644) |
| PATCH-23141 | Security Update for Microsoft PowerPoint 2016 (KB4011041) 64-Bit Edition |
| PATCH-23147 | Security Update for Microsoft PowerPoint 2016 (KB4011041) 32-Bit Edition |
| PATCH-23160 | Security Update for Microsoft PowerPoint 2010 (KB3128027) 32-Bit Edition |
| PATCH-23162 | Security Update for Microsoft PowerPoint Viewer 2010 (KB3128030) 32-Bit Edition |
| PATCH-23170 | Security Update for Microsoft Office PowerPoint 2007 (KB3213642) |
| PATCH-23172 | Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4011127) |
| PATCH-23181 | Security Update for Microsoft PowerPoint 2013 (KB4011069) 32-Bit Edition |
| PATCH-23182 | Security Update for Microsoft PowerPoint 2013 (KB4011069) 64-Bit Edition |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234