SMB: Microsoft JET Database Engine Excel Component Buffer Overflow
A buffer overflow vulnerability has been reported in the Microsoft JET Database Engine. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted Excel file while using an affected version of Microsoft Windows. Successful exploitation results in arbitrary code execution under the context of the process.
Extended Description
The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8718.
Affected Products
Microsoft windows_server_2016
Short Name
SMB:OF:MS-JET-ENGINE-BO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
SMB
Keywords
Buffer CVE-2017-8717 Component Database Engine Excel JET Microsoft Overflow bid:101161
Release Date
11/22/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3