Published: 10/01/2017 Updated: 12/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote malicious users to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftSharepoint Enterprise Server2016

Vendor Advisories

Microsoft Security Bulletin MS17-002 - Important 10/11/2017 5 minutes to read Contributors In this article Security Update for Microsoft Office (3214291)Executive SummaryAffected Software and Vulnerability Severit ...

Recent Articles

Microsoft Issues Record Low Number of Patch Tuesday Bulletins
Threatpost • Tom Spring • 10 Jan 2017

Microsoft’s first Patch Tuesday update of 2017 is one of the smallest in the history of the program with four bulletins released today, including three rated important along with Adobe’s monthly Flash Player update for Internet Explorer and Edge, which was rated critical by the vendor.
The Microsoft bulletins were for vulnerabilities in Office 2016, its Edge browser and its Local Security Authority Subsystem Service (LSASS).
The Office bulletin, MS17-002, includes a patch for a...

Microsoft's January 2017 Patch Tuesday Comes with 4 Security Updates
BleepingComputer • Catalin Cimpanu • 10 Jan 2017

Today, Microsoft released four security bulletins as part of its monthly security update train known as "Patch Tuesday."
This month, two of the four Microsoft security bulletins are rated as critical, the highest severity rating a bulletin can receive. Because of this, users should make sure they install this month's updates as soon as they have some free time.
The Patch Tuesday update fixes 15 unique vulnerabilities, among which 12 are inherited from Adobe Flash, and only three affe...