Microsoft CVE-2017-0020: Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office Excel software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.

In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Microsoft Office Excel handles objects in memory.