CVE-2017-0281 (CNNVD-201705-504)
中文标题:
Microsoft Office 安全漏洞
英文标题:
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016,...
漏洞描述
中文描述:
Microsoft Office是美国微软(Microsoft)公司开发的一款办公软件套件产品。常用组件有Word、Excel、Access、Powerpoint、FrontPage等。 Microsoft Office中存在远程代码执行漏洞,该漏洞源于程序没有正确的处理内存中的对象。远程攻击者可通过诱使用户打开特制的文件利用该漏洞执行未授权的操作或造成拒绝服务。以下版本受到影响:Microsoft Office 2007 SP3;Office 2010 SP2;Office 2013 SP1;Office 2016;Office Online Server 2016;Office Web Apps 2010 SP2;Office Web Apps 2013 SP1;Project Server 2013 SP1;SharePoint Enterprise Server 2013 SP1;SharePoint Enterprise Server 2016;SharePoint Foundation 2013 SP1;Sharepoint Server 2010 SP2;Word 2016;Skype for Business 2016。
英文描述:
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016. | - | - |
cpe:2.3:a:microsoft_corporation:microsoft_office:microsoft_office_2007_sp3,_office_2010_sp2,_office_2013_sp1,_office_2016,_office_online_server_2016,_office_web_apps_2010_sp2,office_web_apps_2013_sp1,_project_server_2013_sp1,_sharepoint_enterprise_server_2013_sp1,_sharepoint_enterprise_server_2016,_sharepoint_foundation_2013_sp1,_sharepoint_server_2010_sp2,_word_2016,_and_skype_for_business_2016.:*:*:*:*:*:*:*
|
| microsoft | office | 2007 | - | - |
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
|
| microsoft | office | 2010 | - | - |
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
|
| microsoft | office | 2013 | - | - |
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
|
| microsoft | office | 2016 | - | - |
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
|
| microsoft | office_online_server | 2016 | - | - |
cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*
|
| microsoft | office_web_apps | 2010 | - | - |
cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
|
| microsoft | office_web_apps | 2013 | - | - |
cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*
|
| microsoft | project_server | 2013 | - | - |
cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*
|
| microsoft | sharepoint_foundation | 2013 | - | - |
cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
|
| microsoft | sharepoint_server | 2010 | - | - |
cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
|
| microsoft | sharepoint_server | 2013 | - | - |
cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
|
| microsoft | sharepoint_server | 2016 | - | - |
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*
|
| microsoft | skype_for_business | 2016 | - | - |
cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
|
| microsoft | word | 2016 | - | - |
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2017-0281 |
2025-11-11 15:19:14 | 2025-11-11 07:34:28 |
| NVD | nvd_CVE-2017-0281 |
2025-11-11 14:55:28 | 2025-11-11 07:43:08 |
| CNNVD | cnnvd_CNNVD-201705-504 |
2025-11-11 15:09:49 | 2025-11-11 07:53:03 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-201705-504
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 1 -> 15
- data_sources: ['cve'] -> ['cve', 'nvd']