Vulnerability Name: CVE-2017-8742 (CCN-131164) Assigned: 2017-09-12 Published: 2017-09-12 Updated: 2017-09-29 Summary: A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743 . CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-119 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2017-8742 100741 Microsoft PowerPoint CVE-2017-8742 Remote Code Execution Vulnerability 1039323 ms-powerpoint-cve20178742-code-exec(131164) PowerPoint Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:* OR cpe:/a:microsoft:powerpoint:2016:*:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint_viewer:2010:*:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:powerpoint_viewer:2007:*:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:* OR cpe:/a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:* BACK
microsoft office compatibility pack - sp3
microsoft office web apps 2010 sp2
microsoft office web apps server 2013 sp1
microsoft powerpoint 2007 sp3
microsoft powerpoint 2010 sp2
microsoft powerpoint 2013 sp1
microsoft powerpoint 2013 sp1
microsoft powerpoint 2016
microsoft powerpoint viewer 2010
microsoft sharepoint enterprise server 2016
microsoft sharepoint server 2016
microsoft powerpoint viewer 2007
microsoft powerpoint 2007 sp3
microsoft office web apps 2010 sp2
microsoft office web apps 2013 sp1
microsoft sharepoint server 2013 sp1
microsoft powerpoint 2013 sp1
microsoft sharepoint enterprise server 2016
Denotes that component is vulnerable