7.8 CVE-2017-0199

CISA KEV Catalog | Used by Malware | Patch | Exploit
  

Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
https://nvd.nist.gov/vuln/detail/CVE-2017-0199

Categories

CWE-NVD-noinfo

CPE

cpe start end
Configuration 1
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2016:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Configuration 2
cpe:2.3:a:philips:intellispace_portal:7.0:*:*:*:*:*:*:*
cpe:2.3:a:philips:intellispace_portal:8.0:*:*:*:*:*:*:*


REMEDIATION


Patch

Url
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199


EXPLOITS


Exploit-db.com

id description date
41934 Microsoft Office Word - '.RTF' Malicious HTA Execution (Metasploit) 2017-04-25

POC Github

Url
https://github.com/mzakyz666/PoC-CVE-2017-0199

Other Nist (github, ...)

Url
http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html
https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-do...
https://www.exploit-db.com/exploits/41894/
https://www.exploit-db.com/exploits/41934/
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html
https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerab...


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry