Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2017-0199: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft Windows: CVE-2017-0199: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
04/11/2017
Created
07/25/2018
Added
04/11/2017
Modified
09/06/2024

Description

Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."

Solution(s)

  • microsoft-windows-windows_server_2012-kb4015548
  • msft-kb3141529-f5b3f5e2-09ff-44e0-8799-d50a4c7da981
  • msft-kb3141538-2eda1995-af50-4493-81b3-6027b20986ad
  • msft-kb3141538-6be5e673-e3f6-4c8e-8834-732baf0eb5d3
  • msft-kb3178710-6a1d765c-2972-4a39-b223-c4bba198e659
  • msft-kb3178710-7ff87282-40e2-4090-aa68-2c844f03885e
  • msft-kb4014793-03e738e4-e8cf-44ec-927b-ff7a06d2e62d
  • msft-kb4014793-0aa6ff72-0e80-49a5-8863-c7a06f9ee57f
  • msft-kb4014793-2c4cf89d-a1e3-4e8d-89a6-732be58d1953
  • msft-kb4014793-8d8b4571-dce0-40cb-9848-6a49b806a09b
  • msft-kb4014793-a6fab700-f42d-4b24-b96a-1129996c55d6
  • msft-kb4014793-d71126d3-5f8d-48c8-980d-93733260ff2a
  • msft-kb4015546-592c9a40-6bdc-4122-8496-0b4295cf7a86
  • msft-kb4015546-61107fd4-8fba-4639-9c3a-d70a69936b4e
  • msft-kb4015546-7026cec0-32bf-4488-b45a-838aa929c109
  • msft-kb4015546-c77661d2-7566-4f86-943c-264545419691
  • msft-kb4015546-cc8006a9-8438-45aa-a20d-cceef511098d
  • msft-kb4015546-e2e88e16-fd32-4c2e-8848-69817601c17b
  • msft-kb4015548-72db1a7d-338c-4903-9869-9fd8258b643a
  • msft-kb4015548-d1986d38-72dd-4e1a-877e-70a3f77f7802

References

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;