Main Vulnerability Database Vulnerabilities #VU6025

#VU6025 Out-of-bounds Read in Microsoft products - CVE-2017-0105

Published: March 14, 2017

Vulnerability identifier: #VU6025

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-0105

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Office
Microsoft Word
Microsoft Word for macOS
Word Automation Services on Microsoft SharePoint Server

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to out-of-bounds memory read when handling malicious Word files. A remote attacker can create a specially crafted .doc file, trick the victim into opening it, trigger memory corruption and gain access to important data.

Successful exploitation of this vulnerability may result in information disclosure on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/MS17-014