Microsoft JET Database Engine Excel Component Buffer Overflow
TSL ID TSL20171010-29
CVE ID(s) CVE-2017-8717
Severity High
Description

A buffer overflow vulnerability has been reported in the Microsoft JET Database Engine. The vulnerability is due to improper handling of objects in memory.

A remote, unauthenticated attacker can exploit the vulnerability by enticing a user to open a specially crafted Excel file while using an affected version of Microsoft Windows. Successful exploitation results in arbitrary code execution under the context of the process.

The vendor, Microsoft, has released the following advisory regarding this vulnerability:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8717

Affected Products
  • Microsoft Windows 10
  • Microsoft Windows 7
  • Microsoft Windows 8.1
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012 R2 (Server Core)
  • Microsoft Windows Server 2012 (Server Core)
  • Microsoft Windows Server 2016 Server Core
CVSS Score Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.0 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Identifiers
ZDI
References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8717