Cyber Resilience

CVE-2017-0262

HighCISA KEVActive ExploitationEUVD Exploited

Published: 12 May 2017

Published
12 May 2017
Modified
22 April 2026
KEV Added
10 February 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.6500 98.5th percentile
Risk Priority 75 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-0262 is a high-severity an unspecified weakness vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 1.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 contain a remote code execution vulnerability when the software fails to properly handle objects in memory. The flaw is tracked as CVE-2017-0262 and carries a CVSS 3.1 base score of 7.8 reflecting local attack vector, low attack complexity, no privileges required, and required user interaction.

An attacker can exploit the issue by supplying a malicious document that triggers improper memory handling once opened by a victim, resulting in arbitrary code execution under the privileges of the current user and full impact to confidentiality, integrity, and availability.

Microsoft's security advisory directs administrators to apply the updates released for the affected Office versions. The vulnerability appears in CISA's catalog of known exploited vulnerabilities, confirming observed in-the-wild use.

EU & UK References

Vulnerability details

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and…

more

CVE-2017-0281.

CWE(s)
KEV Date Added
10 February 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
office
2010, 2013, 2016

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of the vendor patches that close the memory-handling flaw in Office.

preventdetect

Malicious-code protection mechanisms can inspect incoming documents and block or alert on the crafted Office files used for exploitation.

prevent

Running Office under least-privilege accounts limits the impact of arbitrary code execution to the current user context.

References