CVE-2017-0199: Microsoft Office and WordPad Remote Code Execution Vulnerability
First published: Wed Apr 12 2017(Updated: )
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office and WordPad | ||
| Microsoft Office | =2007-sp3 | |
| Microsoft Office | =2010-sp2 | |
| Microsoft Office | =2013-sp1 | |
| Microsoft Office | =2016 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Vista | =sp2 | |
| Philips IntelliSpace Portal | =7.0 | |
| Philips IntelliSpace Portal | =8.0 | |
| Microsoft Office | =2016 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Vista | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html
- http://www.securityfocus.com/bid/97498
- http://www.securitytracker.com/id/1038224
- https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
- https://www.exploit-db.com/exploits/41894/
- https://www.exploit-db.com/exploits/41934/
- https://www.exploit-db.com/exploits/42995/
- https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html
- https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2017-0199
Frequently Asked Questions
What is the severity of CVE-2017-0199?
CVE-2017-0199 has a critical severity rating due to its ability to allow remote code execution through specially crafted documents.
How do I fix CVE-2017-0199?
To fix CVE-2017-0199, users should apply the latest security updates provided by Microsoft for the affected versions of Office and Windows.
What software is affected by CVE-2017-0199?
CVE-2017-0199 affects multiple versions of Microsoft Office, including Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016, along with various Windows operating systems.
How does CVE-2017-0199 exploit work?
CVE-2017-0199 exploits vulnerabilities in Microsoft Office and WordPad to execute arbitrary code via crafted documents, allowing remote attackers to gain control.
Is there a workaround for CVE-2017-0199?
While the best solution is to apply patches, users can mitigate the risk of CVE-2017-0199 by avoiding opening untrusted documents or enabling Protected View in Office.
- agent/type
- agent/description
- agent/title
- agent/remedy
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/event
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft office and wordpad
- canonical/microsoft office
- version/microsoft office/2007-sp3
- version/microsoft office/2010-sp2
- version/microsoft office/2013-sp1
- version/microsoft office/2016
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/sp2
- version/microsoft windows server 2008 itanium/r2-sp1
- canonical/microsoft windows server 2012 x64
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2
- vendor/philips
- canonical/philips intellispace portal
- version/philips intellispace portal/7.0
- version/philips intellispace portal/8.0