CVE-2017-8509

Name of the Vulnerable Software and Affected Versions Microsoft Office (affected versions not specified) Microsoft OneNote (affected versions not specified) Microsoft Word (affected versions not specified) Office Web Apps Server (affected versions not specified) Microsoft SharePoint Server (affected versions not specified) Microsoft Office Web Apps (affected versions not specified) Microsoft Office Compatibility Pack (affected versions not specified)

Description The issue is related to the improper handling of objects in memory, which can be exploited by an attacker to execute arbitrary code. This can be achieved by using a specially crafted file, allowing the attacker to perform actions in the security context of the current user. The exploitation requires a user to open the specially crafted file with an affected version of the software.

Recommendations For Microsoft Office, consider avoiding the use of specially crafted files until a fix is available. For Microsoft OneNote, restrict the opening of potentially malicious files to minimize the risk of exploitation. For Microsoft Word, as a temporary workaround, consider disabling the ability to open files from untrusted sources. For Office Web Apps Server, Microsoft SharePoint Server, Microsoft Office Web Apps, and Microsoft Office Compatibility Pack, at the moment, there is no information about a newer version that contains a fix for this vulnerability.