CVE-2017-0105 - OpenCVE

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Office Office Compatibility Pack Office Web Apps Sharepoint Server Word Word Automation Services Word For Mac

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:office:2010:sp2::::::
	cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3::::::
	cpe:2.3:a:microsoft:office_web_apps:2010:sp2::::::
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
	cpe:2.3:a:microsoft:word:2007:sp3::::::
	cpe:2.3:a:microsoft:word_automation_services:-:::::::*
	cpe:2.3:a:microsoft:word_for_mac:2011:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/96746
http://www.securitytracker.com/id/1038010
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2017-03-17T00:00:00

Updated: 2024-08-05T12:55:18.483Z

Reserved: 2016-09-09T00:00:00

Link: CVE-2017-0105

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-03-17T00:59:02.853

Modified: 2017-07-12T01:29:07.083

Link: CVE-2017-0105

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Office", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2"}]}], "datePublic": "2017-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1038010", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038010"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105"}, {"name": "96746", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96746"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2017-0105", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Office", "version": {"version_data": [{"version_value": "Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "1038010", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038010"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105"}, {"name": "96746", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96746"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:55:18.483Z"}, "title": "CVE Program Container", "references": [{"name": "1038010", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038010"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105"}, {"name": "96746", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96746"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-0105", "datePublished": "2017-03-17T00:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-05T12:55:18.483Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", "matchCriteriaId": "7D006508-BFB0-4F21-A361-3DA644F51D8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC865581-3650-4DC4-9138-C2F71AA3B850", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", "matchCriteriaId": "B429C3AB-B405-4156-B63E-BA2BC6A84894", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""}, {"lang": "es", "value": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services en SharePoint Server 2010 SP2 y Office Web Apps 2010 SP2 permiten a atacantes remotos obtener informaci\u00f3n sensible de la memoria fuera de l\u00edmites a trav\u00e9s de un documento de Office manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Office Information Disclosure Vulnerability\"."}], "id": "CVE-2017-0105", "lastModified": "2017-07-12T01:29:07.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-17T00:59:02.853", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96746"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1038010"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}