High severity7.8NVD Advisory· Published Mar 17, 2017· Updated May 13, 2026

CVE-2017-0020

Description

Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053.

Affected products

Microsoft/Excel3 versions
cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*
- cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
Microsoft/Office Web Apps
cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*
Microsoft/Officev5
Range: Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020nvdPatchVendor Advisory
www.securityfocus.com/bid/96050nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038010nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.017
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000