CVE-2017-0105

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

Published: Mar 17, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-0105
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
microsoft / word_for_mac	2011	2011.x
microsoft / office_web_apps	2010-sp2	2010-sp2.x
microsoft / office_compatibility_pack	--sp3	--sp3.x
microsoft / sharepoint_server	2010-sp2	2010-sp2.x
microsoft / office	2010-sp2	2010-sp2.x
microsoft / word	2007-sp3	2007-sp3.x

http://www.securityfocus.com/bid/96746
http://www.securitytracker.com/id/1038010
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105

Vulnerability Database

289,599

CVE-2017-0105