CVE-2017-0262
Published: 12 May 2017
Summary
CVE-2017-0262 is a high-severity an unspecified weakness vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 1.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 contain a remote code execution vulnerability when the software fails to properly handle objects in memory. The flaw is tracked as CVE-2017-0262 and carries a CVSS 3.1 base score of 7.8 reflecting local attack vector, low attack complexity, no privileges required, and required user interaction.
An attacker can exploit the issue by supplying a malicious document that triggers improper memory handling once opened by a victim, resulting in arbitrary code execution under the privileges of the current user and full impact to confidentiality, integrity, and availability.
Microsoft's security advisory directs administrators to apply the updates released for the affected Office versions. The vulnerability appears in CISA's catalog of known exploited vulnerabilities, confirming observed in-the-wild use.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-0618
Vulnerability details
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and…
more
CVE-2017-0281.
- CWE(s)
- KEV Date Added
- 10 February 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of the vendor patches that close the memory-handling flaw in Office.
Malicious-code protection mechanisms can inspect incoming documents and block or alert on the crafted Office files used for exploitation.
Running Office under least-privilege accounts limits the impact of arbitrary code execution to the current user context.