What is the severity of CVE-2017-0195?

CVE-2017-0195 has a severity rating of Important according to Microsoft.

How do I fix CVE-2017-0195?

To fix CVE-2017-0195, apply the security updates released by Microsoft for the affected products.

What software is affected by CVE-2017-0195?

CVE-2017-0195 affects Microsoft Excel Services on SharePoint Server 2010 SP1 and SP2, Office Web Apps 2010 SP2, and Office Online Server.

Can CVE-2017-0195 lead to data compromise?

Yes, CVE-2017-0195 can allow remote attackers to perform cross-site scripting, potentially compromising data.

Is there a workaround for CVE-2017-0195?

There are no specific workarounds for CVE-2017-0195; updating to the latest versions is the recommended action.

Vulnerability/
CVE-2017-0195

medium

5.4

CWE

12/4/2017

5/8/2024

CVE-2017-0195: XSS

First published: Wed Apr 12 2017(Updated: )

Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Excel Web App	=2010-sp2
Microsoft Office Online Server
Microsoft Office Web Apps	=2010-sp2
Microsoft Office Web Apps Server	=2013-sp1
Microsoft SharePoint Server	=2010-sp1
Microsoft SharePoint Server	=2010-sp2

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-0195?
CVE-2017-0195 has a severity rating of Important according to Microsoft.
How do I fix CVE-2017-0195?
To fix CVE-2017-0195, apply the security updates released by Microsoft for the affected products.
What software is affected by CVE-2017-0195?
CVE-2017-0195 affects Microsoft Excel Services on SharePoint Server 2010 SP1 and SP2, Office Web Apps 2010 SP2, and Office Online Server.
Can CVE-2017-0195 lead to data compromise?
Yes, CVE-2017-0195 can allow remote attackers to perform cross-site scripting, potentially compromising data.
Is there a workaround for CVE-2017-0195?
There are no specific workarounds for CVE-2017-0195; updating to the latest versions is the recommended action.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/remedy
agent/author
agent/description
agent/first-publish-date
agent/tags
agent/event
agent/source
vendor/microsoft
canonical/microsoft excel web app
version/microsoft excel web app/2010-sp2
canonical/microsoft office online server
canonical/microsoft office web apps
version/microsoft office web apps/2010-sp2
canonical/microsoft office web apps server
version/microsoft office web apps server/2013-sp1
canonical/microsoft sharepoint server
version/microsoft sharepoint server/2010-sp1
version/microsoft sharepoint server/2010-sp2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.