Skip to main content

Office Online Server CVE-2017-8743

HIGH
Buffer Overflow (CWE-119)
2017-09-13 secure@microsoft.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 13, 2017 - 01:29 cve.org
HIGH 7.8

DescriptionCVE.org

A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742.

AnalysisAI

A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4%.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742. Affected products include: Microsoft Office Online Server, Microsoft Powerpoint, Microsoft Sharepoint Server.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2016-3282 HIGH
7.8 Jul 13

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011,

CVE-2017-0281 HIGH
7.8 May 12

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 201

CVE-2017-8501 HIGH
7.8 Jul 11

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Mic

CVE-2023-21716 CRITICAL POC
9.8 Feb 14

Microsoft Word Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely e

CVE-2016-3358 HIGH
7.8 Sep 14

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Comp

CVE-2016-0025 HIGH
7.3 Jun 16

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word f

CVE-2022-41106 HIGH
8.8 Nov 09

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely expl

CVE-2017-8631 HIGH
7.8 Sep 13

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 201

CVE-2025-27751 HIGH POC
7.8 Apr 08

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (C

CVE-2025-47165 HIGH POC
7.8 Jun 10

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). A

CVE-2023-33137 HIGH POC
7.8 Jun 14

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentica

CVE-2023-23399 HIGH POC
7.8 Mar 14

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentica

Share

CVE-2017-8743 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy