PT-2017-18504 · Microsoft · Powerpoint 2013 Rt+10

Published 2017-09-12 · Updated 2017-09-29 · CVE-2017-8742

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft PowerPoint 2007 Service Pack 3
Microsoft PowerPoint 2010 Service Pack 2
Microsoft PowerPoint 2013 Service Pack 1
Microsoft PowerPoint 2013 RT Service Pack 1
Microsoft PowerPoint 2016
Microsoft PowerPoint Viewer 2007
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Compatibility Pack Service Pack 3

Description

A remote code execution issue exists when the software fails to properly handle objects in memory. An attacker who successfully exploits this issue could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations

For Microsoft PowerPoint 2007 Service Pack 3, update to a newer version to mitigate the risk.
For Microsoft PowerPoint 2010 Service Pack 2, update to a newer version to mitigate the risk.
For Microsoft PowerPoint 2013 Service Pack 1, update to a newer version to mitigate the risk.
For Microsoft PowerPoint 2013 RT Service Pack 1, update to a newer version to mitigate the risk.
For Microsoft PowerPoint 2016, update to a newer version to mitigate the risk.
For Microsoft PowerPoint Viewer 2007, update to a newer version to mitigate the risk.
For Microsoft SharePoint Server 2013 Service Pack 1, update to a newer version to mitigate the risk.
For Microsoft SharePoint Enterprise Server 2016, update to a newer version to mitigate the risk.
For Microsoft Office Web Apps 2010 Service Pack 2, update to a newer version to mitigate the risk.
For Microsoft Office Compatibility Pack Service Pack 3, update to a newer version to mitigate the risk.

As a temporary workaround, consider avoiding the use of affected Microsoft Office software to open specially crafted files until a patch is available.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-14038
CVE-2017-8742

Affected Products

Office Compatibility Pack
Office Web Apps 2010
Powerpoint 2007
Powerpoint 2010
Powerpoint 2013 Rt
Powerpoint 2016
Powerpoint Viewer 2007
Sharepoint Enterprise Server 2016
Sharepoint Server 2013
Office Powerpoint
Sharepoint Server