Microsoft Office CVE-2017-0197 DLL Loading Remote Code Execution Vulnerability



Microsoft Office is prone to a remote code-execution vulnerability.

An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

Information

Bugtraq ID: 97411
Class: Unknown
CVE: CVE-2017-0197

Remote: Yes
Local: No
Published: Apr 11 2017 12:00AM
Updated: Apr 18 2017 12:03AM
Credit: Yorick Koster of Securify B.V.
Vulnerable: Microsoft OneNote 2010 Service Pack 2 (64-bit editions) 0
Microsoft OneNote 2010 Service Pack 2 (32-bit editions) 0
Microsoft OneNote 2007 SP3


Not Vulnerable:

Exploit


A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.


Related Posts