CVE-2017-0197
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."
Known Affected Software
2 configuration(s) from 1 vendor(s)
onenote
Version:
2007
CPE:
cpe:2.3:a:microsoft:onenote:2007:sp3:*:*:*:*:*:*
onenote
Version:
2010
CPE:
cpe:2.3:a:microsoft:onenote:2010:sp2:*:*:*:*:*:*
This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://www.securityfocus.com/bid/97411secure@microsoft.com Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1038241secure@microsoft.com
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197secure@microsoft.com Patch Vendor Advisory
-
https://twitter.com/buffaloverflow/status/852937040480149505secure@microsoft.com Third Party Advisory
-
http://www.securityfocus.com/bid/97411af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1038241af854a3a-2127-422b-91ae-364da2661108
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197af854a3a-2127-422b-91ae-364da2661108 Patch Vendor Advisory
-
https://twitter.com/buffaloverflow/status/852937040480149505af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-20
Top 25 #14
Improper Input Validation
- Description
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- April 12, 2017
