Skip to main content

Microsoft Office CVE-2017-0262

HIGH
2017-05-12 secure@microsoft.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 22, 2026 - 14:02 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 21, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Mar 26, 2026 - 11:18 vuln.today
Added to CISA KEV
Oct 22, 2025 - 00:16 cisa
CISA KEV
Patch released
Oct 22, 2025 - 00:16 nvd
Patch available
CVE Published
May 12, 2017 - 14:29 nvd
HIGH 7.8

DescriptionCVE.org

Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.

AnalysisAI

Remote code execution in Microsoft Office 2010 SP2, 2013 SP1, and 2016 allows attackers to execute arbitrary code via maliciously crafted documents that trigger memory corruption when opened by victims. CISA KEV confirms active exploitation in the wild, with EPSS score of 64.26% (98th percentile) indicating very high real-world exploitation probability. Microsoft released patches in May 2017 security updates, making unpatched systems a critical priority for remediation.

Technical ContextAI

This vulnerability stems from improper memory handling when Microsoft Office processes document objects. The affected products (Office 2010 SP2, 2013 SP1, and 2016 per CPE data) fail to correctly validate or sanitize object structures during document parsing, leading to memory corruption conditions exploitable for arbitrary code execution. While no specific CWE classification is provided, the description points to a classic memory safety issue in Office's document processing engine. The local attack vector (AV:L) combined with required user interaction (UI:R) indicates exploitation requires victim interaction with attacker-supplied files, typically Office documents delivered via email, web download, or removable media. The vulnerability affects the core Office suite rather than a specific application component, impacting Word, Excel, PowerPoint, and potentially other Office applications sharing the vulnerable memory handling code.

RemediationAI

Apply Microsoft's May 2017 security updates immediately for all affected Office installations per the vendor advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0262. Organizations should prioritize patch deployment based on CISA KEV listing and active exploitation status. For systems where immediate patching is infeasible, implement compensating controls: enable Office Protected View to sandbox untrusted documents from internet, email, and potentially unsafe locations (Settings > Trust Center > Protected View); configure Group Policy to block execution of Office macros from internet sources; deploy application whitelisting to prevent unauthorized code execution; implement email gateway scanning to quarantine suspicious Office attachments. Note that Protected View provides defense-in-depth but may impact usability for legitimate external documents. For air-gapped or legacy systems unable to patch, consider migrating critical workflows to Office 2019 or Microsoft 365 Apps with modern exploit mitigations, though migration introduces operational overhead and compatibility testing requirements.

Share

CVE-2017-0262 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy