Medium severity4.7NVD Advisory· Published Mar 17, 2017· Updated May 13, 2026

CVE-2017-0027

Description

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

Affected products

Microsoft/Excel4 versions
cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*
- cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*
- cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
Microsoft/Office Compatibility Pack
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*
Microsoft/Sharepoint Server
cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*
Microsoft/Officev5
Range: Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027nvdPatchVendor Advisory
www.securityfocus.com/bid/96043nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038010nvd

News mentions

No linked articles in our index yet.

cvss	0.306
epss	0.024
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000