mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
128 lines
3.8 KiB
JSON
128 lines
3.8 KiB
JSON
{
|
|
"id": "CVE-2017-8508",
|
|
"sourceIdentifier": "secure@microsoft.com",
|
|
"published": "2017-06-15T01:29:03.787",
|
|
"lastModified": "2019-10-03T00:03:26.223",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka \"Microsoft Office Security Feature Bypass Vulnerability\"."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se presenta una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en el software de Microsoft Office cuando maneja inapropiadamente el an\u00e1lisis de formatos de archivo, tambi\u00e9n se conoce como \"Microsoft Office Security Feature Bypass Vulnerability\"."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:outlook:2007:sp3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8B32CD31-398A-4078-8B5B-B39DB9DB9A35"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F9A115C1-45EB-4688-AD7C-C1854850EE9B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D7B6DF1E-0DDA-4809-B216-7CEFE0A53E2B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/98828",
|
|
"source": "secure@microsoft.com",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508",
|
|
"source": "secure@microsoft.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |