Vulnerability CVE-2017-0195


Published: 2017-04-12

Description:
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Microsoft -> Office web apps server 
Microsoft -> Office web apps 
Microsoft -> Sharepoint server 
Microsoft -> Excel web app 
Microsoft -> Office online server 

 References:
http://www.securityfocus.com/bid/97417
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195

Copyright 2024, cxsecurity.com

 

Back to Top