{"containers": {"cna": {"affected": [{"product": "Microsoft Office", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016"}]}], "datePublic": "2017-05-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-07T09:57:01.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261"}, {"name": "98104", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98104"}, {"name": "1038444", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038444"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2017-0261", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Office", "version": {"version_data": [{"version_value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261"}, {"name": "98104", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98104"}, {"name": "1038444", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038444"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:55:19.147Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261"}, {"name": "98104", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98104"}, {"name": "1038444", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038444"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-10T16:22:03.149683Z", "id": "CVE-2017-0261", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0261"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T19:08:48.885Z"}}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-0261", "datePublished": "2017-05-12T14:00:00.000Z", "dateReserved": "2016-09-09T00:00:00.000Z", "dateUpdated": "2025-02-10T19:08:48.885Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/98104", "name": "98104", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1038444", "name": "1038444", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:55:19.147Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2017-0261", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-10T16:22:03.149683Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0261"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T16:21:49.504Z"}}], "cna": {"affected": [{"vendor": "Microsoft Corporation", "product": "Microsoft Office", "versions": [{"status": "affected", "version": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016"}]}], "datePublic": "2017-05-09T00:00:00.000Z", "references": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/98104", "name": "98104", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.securitytracker.com/id/1038444", "name": "1038444", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}], "descriptions": [{"lang": "en", "value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Remote Code Execution"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2017-07-07T09:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016"}]}, "product_name": "Microsoft Office"}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/98104", "name": "98104", "refsource": "BID"}, {"url": "http://www.securitytracker.com/id/1038444", "name": "1038444", "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-0261", "STATE": "PUBLIC", "ASSIGNER": "secure@microsoft.com"}}}}, "cveMetadata": {"cveId": "CVE-2017-0261", "state": "PUBLISHED", "dateUpdated": "2025-02-10T19:08:48.885Z", "dateReserved": "2016-09-09T00:00:00.000Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2017-05-12T14:00:00.000Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-03-24", "cisaExploitAdd": "2022-03-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Office Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", "matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281."}, {"lang": "es", "value": "Office 2010 SP2, Office 2013 SP1 y Office 2016 de Microsoft, permiten una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota cuando el software no puede manejar apropiadamente los objetos en la memoria, tambi\u00e9n se conoce como \"Office Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2017-0262 y CVE-2017-0281."}], "id": "CVE-2017-0261", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2017-05-12T14:29:04.987", "references": [{"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98104"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038444"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98104"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038444"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}