Vulnerability Description
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Excel | 2010 |
| Microsoft | Excel For Mac | 2011 |
| Microsoft | Office Compatibility Pack | All versions |
| Microsoft | Office Web Apps | 2013 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100734Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039315Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632PatchVendor Advisory
- http://www.securityfocus.com/bid/100734Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039315Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632PatchVendor Advisory
FAQ
What is CVE-2017-8632?
CVE-2017-8632 is a vulnerability with a CVSS score of 7.8 (HIGH). A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office...
How severe is CVE-2017-8632?
CVE-2017-8632 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8632?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Excel, Microsoft Excel For Mac, Microsoft Office Compatibility Pack, Microsoft Office Web Apps.