← back
CVE-2017-0195

CVE-2017-0195

EPSS 3.8%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 3.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Apr 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."
Affected products
Microsoft Corporation · Office

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195http://www.securityfocus.com/bid/97417