CVE-2017-0027

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

Published: Mar 17, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-0027
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.7
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
microsoft / excel	2016	2016.x
microsoft / sharepoint_server	2013-sp1	2013-sp1.x
microsoft / office_compatibility_pack	-	-
microsoft / excel	2013-sp1	2013-sp1.x
microsoft / excel	2007-sp3	2007-sp3.x
microsoft / excel	2010-sp2	2010-sp2.x

http://www.securityfocus.com/bid/96043
http://www.securitytracker.com/id/1038010
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027

Vulnerability Database

289,599

CVE-2017-0027