CVE-2017-0262

HIGH
2017-05-12 [email protected]
7.8
CVSS 3.1
CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 26, 2026 - 11:18 (vuln.today)
Added to CISA KEV: Oct 22, 2025 - 00:16 (cisa)
Patch Released: Oct 22, 2025 - 00:16 (nvd)
CVE Published: May 12, 2017 - 14:29 (nvd), HIGH 7.8

Description

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.

Analysis

Microsoft Office 2010 through 2016 allows remote code execution through improper handling of objects in memory. APT28 exploited it in targeted campaigns alongside the CVE-2017-0263 kernel privilege escalation.

Technical Context

The vulnerability occurs when Office processes crafted EPS (Encapsulated PostScript) content embedded in documents. The EPS filter's memory handling flaw allows arbitrary code execution when the document is opened or previewed.

Affected Products

Microsoft Office 2010 SP2
Microsoft Office 2013 SP1
Microsoft Office 2016

Remediation

Apply the Microsoft security update. Microsoft subsequently disabled EPS rendering in Office entirely (CVE-2017-0261 patch). Ensure EPS filters are disabled.
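
A triage check for the embedded EPS content described under Technical Context, added here as an example and not taken from vuln.today or Microsoft. It assumes OOXML files (.docx and similar), which are ZIP containers whose embedded images are ZIP members; the function names are hypothetical and the sample document is constructed and harmless.

```python
import io
import zipfile

# EPS signatures: ASCII PostScript header and the DOS EPS binary header.
EPS_ASCII = b"%!PS-Adobe"
EPS_BINARY = b"\xc5\xd0\xd3\xc6"


def is_eps(head: bytes) -> bool:
    """True if the leading bytes look like EPS, whatever the file extension."""
    text = head.lstrip(b"\xef\xbb\xbf \t\r\n")
    return text.startswith(EPS_ASCII) or head.startswith(EPS_BINARY)


def find_embedded_eps(doc_bytes: bytes) -> list[str]:
    """Return ZIP member names inside an OOXML document that are EPS images."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(doc_bytes))
    except zipfile.BadZipFile:
        # Legacy .doc/.rtf or encrypted files are not ZIP containers; report
        # them as unparsed so they are never mistaken for "clean".
        raise ValueError("not an OOXML (ZIP) container; inspect separately")
    hits = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(64)
            if info.filename.lower().endswith(".eps") or is_eps(head):
                hits.append(info.filename)
    return hits


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build a constructed, harmless OOXML-like ZIP in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    eps = b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 1 1\n"  # constructed
    doc = build_sample({"word/document.xml": b"<w:document/>",
                        "word/media/image1.eps": eps,
                        "word/media/image2.png": eps})  # EPS hiding as PNG
    print(find_embedded_eps(doc))
```

A hit means the document carries EPS content and should be quarantined for review on hosts where the EPS filter may still be enabled; it does not by itself indicate an exploit.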

Priority Score

163
KEV: +50
EPSS: +64.3
CVSS: +39
POC: 0
