High severity7.8NVD Advisory· Published Jun 15, 2017· Updated May 13, 2026

CVE-2017-8506

Description

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260.

Affected products

Microsoft/Outlook4 versions
cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*
- cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*
Microsoft Corporation/Microsoft Officev5
Range: Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8506nvdPatchVendor Advisory
www.securityfocus.com/bid/98811nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038666nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.027
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000