Vulnerability Description
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2010 |
| Microsoft | Office Compatibility Pack | - |
| Microsoft | Office Web Apps | 2010 |
| Microsoft | Sharepoint Server | 2010 |
| Microsoft | Word | 2007 |
| Microsoft | Word Automation Services | - |
| Microsoft | Word For Mac | 2011 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96746Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038010
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105PatchVendor Advisory
- http://www.securityfocus.com/bid/96746Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038010
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105PatchVendor Advisory
FAQ
What is CVE-2017-0105?
CVE-2017-0105 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow re...
How severe is CVE-2017-0105?
CVE-2017-0105 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-0105?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Office Compatibility Pack, Microsoft Office Web Apps, Microsoft Sharepoint Server, Microsoft Word.