Cyber Resilience

CVE-2017-8570

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 11 July 2017

Published
11 July 2017
Modified
22 April 2026
KEV Added
25 February 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.9422 99.9th percentile
Risk Priority 92 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-8570 is a high-severity an unspecified weakness vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

Microsoft Office is affected by a remote code execution vulnerability that stems from improper handling of objects in memory. The flaw, tracked as CVE-2017-8570 and distinct from CVE-2017-0243, carries a CVSS 3.1 base score of 7.8 with an attack vector requiring local access and user interaction.

An attacker can exploit the issue by supplying a specially crafted document that, once opened in a vulnerable Office application, allows arbitrary code to run in the context of the current user. Successful exploitation yields full control over confidentiality, integrity, and availability of the affected system without any elevation of privileges.

Public references include the Microsoft Security Response Center advisory at portal.msrc.microsoft.com, a SecurityFocus entry, and multiple repositories hosting proof-of-concept generators for PPSX and related file formats, indicating that working exploit code has been shared since disclosure.

EU & UK References

Vulnerability details

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

CWE(s)
KEV Date Added
25 February 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
office
2007, 2010, 2013, 2016

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of the vendor patch that corrects the memory-handling flaw exploited by crafted Office documents.

preventdetect

Deploys malicious-code detection mechanisms (AV, mail/content filters) that recognize and block the specially crafted PPSX/Office files used for exploitation.

SC-18 Mobile Code partial match
prevent

Establishes usage restrictions and configuration settings for mobile code and embedded objects within Office documents, limiting the attack surface that CVE-2017-8570 relies on.

References