VDB
CVE-2017-0195
CVE-2017-0195
PUBLISHED
CVSS 5.400000095367432 MEDIUM
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."
EPSS 0.96% · 76.9th percentile
Risk Scores
CVSS 3.0
5.400000095367432
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.96%
76.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | office_online_server | |
| Microsoft Corporation | Office | Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1, and Office Online Server |
| microsoft | office_web_apps_server | 2013 |
| microsoft | excel_web_app | 2010 |
| microsoft | sharepoint_server | 2010, 2010 |
| microsoft | office_web_apps | 2010 |
Exploit Intelligence
- ryhanson/CVE-2017-0204 (github-poc)
- ryhanson/CVE-2017-0204 (github-poc)
- ryhanson/CVE-2017-0204 (github-poc)
- ryhanson/CVE-2017-0204 (github-poc)
- CVE-2017-0199 XLS --> HTA --> VBS --> STEGANOGRAPHY --> DBATLOADER/GULOADER STYLE MALWARE (github-poc)
- CVE-2017-0199 XLS --> HTA --> VBS --> STEGANOGRAPHY --> DBATLOADER/GULOADER STYLE MALWARE (github-poc)
- CVE-2017-0199 XLS --> HTA --> VBS --> STEGANOGRAPHY --> DBATLOADER/GULOADER STYLE MALWARE (github-poc)
- CVE-2017-0199 XLS --> HTA --> VBS --> STEGANOGRAPHY --> DBATLOADER/GULOADER STYLE MALWARE (github-poc)
- This repository contains a full blue-team malware analysis of a real malicious DOCX exploiting CVE-2017-0199. The lab includes sandbox execution, network forensics, IOC extraction, MITRE ATT&CK mapping, dropped files review, and detection rules. Evidence screenshots are included inside the evidence folder for professional documentation. (github-poc)
- This repository contains a full blue-team malware analysis of a real malicious DOCX exploiting CVE-2017-0199. The lab includes sandbox execution, network forensics, IOC extraction, MITRE ATT&CK mapping, dropped files review, and detection rules. Evidence screenshots are included inside the evidence folder for professional documentation. (github-poc)
…and 112 more exploits
Timeline
- Apr 12, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jul 2, 2021 PoC Published
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score