PT-2017-10455 · Microsoft · Office Compatibility Pack+2
Published
2017-04-11
·
Updated
2017-07-11
·
CVE-2017-0194
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Excel versions 2007 SP3 through 2010 SP2
Office Compatibility Pack version SP2
Description
The issue allows remote attackers to obtain sensitive information from process memory via a crafted Office document. This is related to improper disclosure of the contents of Microsoft Office memory, which could be used to compromise the user's computer or data.
Recommendations
For Microsoft Excel 2007 SP3, update to a version that fixes the information disclosure issue.
For Microsoft Excel 2010 SP2, update to a version that fixes the information disclosure issue.
For Office Compatibility Pack SP2, update to a version that fixes the information disclosure issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Office Excel
Office
Office Compatibility Pack