Attacker Value

Very High

(1 user assessed)

Exploitability

Very High

(1 user assessed)

User Interaction

CVE-2017-0199

Disclosure Date: April 12, 2017 •

CVE-2017-0199 CVSS v3 Base Score: 7.8

Exploited in the Wild

Reported by AttackerKB Worker and 1 more...
View Source Details

Description

Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.”

Add Assessment

hrbrmstr (72)

May 12, 2020 7:44pm UTC (4 years ago)

Ratings

Attacker Value

Very High

Exploitability

Very High

Common in enterprise Vulnerable in default configuration

Technical Analysis

This CVE made it into US-CERT’s “Top 10” bulletin released in May, 2020 – https://www.us-cert.gov/ncas/alerts/aa20-133a / https://web.archive.org/web/20200512161248/https://www.us-cert.gov/ncas/alerts/aa20-133a

Vulnerable Products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8.1
Associated Malware: FINSPY, LATENTBOT, Dridex
Mitigation: Update affected Microsoft products with the latest security patches
More Detail: https://nvd.nist.gov/vuln/detail/CVE-2017-0199
IOCs: https://www.us-cert.gov/ncas/analysis-reports/ar20-133g, https://www.us-cert.gov/ncas/analysis-reports/ar20-133h, https://www.us-cert.gov/ncas/analysis-reports/ar20-133p

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

microsoft,
philips

Products

intellispace portal 7.0,
intellispace portal 8.0,
office 2007,
office 2010,
office 2013,
office 2016,
windows 7 -,
windows server 2008 -,
windows server 2008 r2,
windows server 2012 -,
windows vista -

Metasploit Modules

Microsoft Office Word Malicious Hta Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/office_word_hta.rb)

Exploited in the Wild

Reported by:

AttackerKB Worker

Reported: September 25, 2020 8:38pm UTC (4 years ago)

gwillcox-r7 indicated sources as

Government or Industry Alert (https://us-cert.cisa.gov/ncas/alerts/aa20-133a)
News Article or Blog (https://securityaffairs.co/wordpress/126713/apt/bluenoroff-apt-cryptocurrency.html)
Other: Gov Alert on MuddyWater Iranian Exploitation (https://www.ic3.gov/Media/News/2022/220224.pdf)

Reported: November 03, 2021 3:26pm UTC (3 years ago) • Edited 2 years ago

References

Rapid7

Very High

CVE-2017-0199

Very High

Very High

Required

None

Local

CVE-2017-0199

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Very High

CVE-2017-0199

Very High

Very High

Required

None

Local

CVE-2017-0199

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification