CVE-2017-8570
Published: 11 July 2017
Summary
CVE-2017-8570 is a high-severity vulnerability in Microsoft Office with no specific weakness type assigned. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
Microsoft Office is affected by a remote code execution vulnerability that stems from improper handling of objects in memory. The flaw, tracked as CVE-2017-8570 and distinct from CVE-2017-0243, carries a CVSS 3.1 base score of 7.8 with an attack vector requiring local access and user interaction.
An attacker can exploit the issue by supplying a specially crafted document that, once opened in a vulnerable Office application, allows arbitrary code to run in the context of the current user. Successful exploitation yields full control over confidentiality, integrity, and availability of the affected system without any elevation of privileges.
Public references include the Microsoft Security Response Center advisory at portal.msrc.microsoft.com, a SecurityFocus entry, and multiple repositories hosting proof-of-concept generators for PPSX and related file formats, indicating that working exploit code has been shared since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-17520
Vulnerability details
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
- CWE(s)
- KEV Date Added: 25 February 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of the vendor patch that corrects the memory-handling flaw exploited by crafted Office documents.
Deploys malicious-code detection mechanisms (AV, mail/content filters) that recognize and block the specially crafted PPSX/Office files used for exploitation.
Establishes usage restrictions and configuration settings for mobile code and embedded objects within Office documents, limiting the attack surface that CVE-2017-8570 relies on.