Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
Published 2017-04-12 14:59:01
Updated 2019-10-03 00:03:26
Vulnerability category: Execute code

CVE-2017-0199 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Microsoft Office and WordPad Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.
Added on: 2021-11-03
Action due date: 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2017-0199

Probability of exploitation activity in the next 30 days: 97.43%

Percentile, the proportion of vulnerabilities that are scored at or less: ~100%

Metasploit modules for CVE-2017-0199

  • Microsoft Office Word Malicious Hta Execution
    Disclosure Date: 2017-04-14
    First seen: 2020-04-26
    exploit/windows/fileformat/office_word_hta
    This module creates a malicious RTF file that, when opened in vulnerable versions of Microsoft Word, will lead to code execution. The flaw exists in how an olelink object can make an http(s) request and execute hta code in response. This bug was originally seen

CVSS scores for CVE-2017-0199

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
| 9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
| 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST |
