Medium severity5.5NVD Advisory· Published Apr 12, 2017· Updated May 13, 2026

CVE-2017-0194

Description

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

Affected products

Microsoft/Excel2 versions
cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*
Microsoft/Office Compatibility Pack
cpe:2.3:a:microsoft:office_compatibility_pack:*:sp2:*:*:*:*:*:*
Microsoft/Officev5
Range: Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194nvdPatchVendor Advisory
www.securityfocus.com/bid/97436nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038244nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.035
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000