CVE-2017-8570

HIGH
2017-07-11 [email protected]
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Mar 26, 2026 - 11:18 vuln.today
Added to CISA KEV
Oct 22, 2025 - 00:16 cisa
CISA KEV
PoC Detected
Oct 22, 2025 - 00:16 vuln.today
Public exploit code
Patch Released
Oct 22, 2025 - 00:16 nvd
Patch available
CVE Published
Jul 11, 2017 - 21:29 nvd
HIGH 7.8

Description

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

Analysis

Microsoft Office allows remote code execution through crafted documents that exploit the Composite Moniker vulnerability, enabling arbitrary DLL loading and code execution without user interaction beyond opening the file.

Technical Context

The vulnerability exploits Office's OLE Composite Moniker processing to load and execute arbitrary scriptlet (.sct) files. A crafted document triggers the moniker resolution, downloading and executing an HTA or scriptlet from an attacker's server.

Affected Products

['Microsoft Office (multiple versions affected)']

Remediation

Apply Microsoft security update. Block OLE object activation in Office via registry. Implement email gateway filtering for files containing OLE objects.

Priority Score

213
Low Medium High Critical
KEV: +50
EPSS: +94.2
CVSS: +39
POC: +20

Share

CVE-2017-8570 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy