CVE-2017-0199

KEV · Ransomware EPSS 94.30% · P100 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-0199

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Office 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Office是美国微软（Microsoft）公司开发的一款办公软件套件产品。常用组件有Word、Excel、Access、Powerpoint、FrontPage等。多款Microsoft产品中存在远程代码执行漏洞。远程攻击者可借助特制的文本文件利用该漏洞执行任意代码。以下产品和版本受到影响：Microsoft Office 2007 SP3；Microsoft Office 2010 SP2；Microsoft Office 2013 SP1；Microsoft Office 20

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Microsoft Corporation	Office/WordPad	Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8.1	-

II. Public POCs for CVE-2017-0199

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/ryhanson/CVE-2017-0199	POC Details
2	None	https://github.com/SyFi/cve-2017-0199	POC Details
3	Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.	https://github.com/bhdresh/CVE-2017-0199	POC Details
4	Quick and dirty fix to OLE2 executing code via .hta	https://github.com/NotAwful/CVE-2017-0199-Fix	POC Details
5	CVE-2017-0199	https://github.com/haibara3839/CVE-2017-0199-master	POC Details
6	Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter / any other payload to victim without any complex configuration.	https://github.com/Exploit-install/CVE-2017-0199	POC Details
7	Exploit toolkit for vulnerability RCE Microsoft RTF	https://github.com/mzakyz666/PoC-CVE-2017-0199	POC Details
8	Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter payload to victim without any complex configuration.	https://github.com/n1shant-sinha/CVE-2017-0199	POC Details
9	An exploit implementation for RCE in RTF & DOCs (CVE-2017-0199)	https://github.com/kn0wm4d/htattack	POC Details
10	None	https://github.com/joke998/Cve-2017-0199	POC Details
11	Cve-2017-0199	https://github.com/joke998/Cve-2017-0199-	POC Details
12	None	https://github.com/sUbc0ol/Microsoft-Word-CVE-2017-0199-	POC Details
13	None	https://github.com/viethdgit/CVE-2017-0199	POC Details
14	None	https://github.com/herbiezimmerman/2017-11-17-Maldoc-Using-CVE-2017-0199	POC Details
15	RTF Cleaner, tries to extract URL from malicious RTF samples using CVE-2017-0199 & CVE-2017-8759	https://github.com/jacobsoo/RTF-Cleaner	POC Details
16	None	https://github.com/likescam/CVE-2017-0199	POC Details
17	None	https://github.com/stealth-ronin/CVE-2017-0199-PY-KIT	POC Details
18	None	https://github.com/Phantomlancer123/CVE-2017-0199	POC Details
19	A python script/generator, for generating and exploiting Microsoft vulnerability	https://github.com/BRAINIAC22/CVE-2017-0199	POC Details
20	CVE-2017-0199复现	https://github.com/Sunqiz/CVE-2017-0199-reprofuction	POC Details
21	None	https://github.com/TheCyberWatchers/CVE-2017-0199-v5.0	POC Details
22	RTF de-obfuscator for CVE-2017-0199 documents to find URLs statically.	https://github.com/nicpenning/RTF-Cleaner	POC Details
23	Python3 toolkit update	https://github.com/kash-123/CVE-2017-0199	POC Details
24	None	https://github.com/likekabin/CVE-2017-0199	POC Details
25	This repository contains a full blue-team malware analysis of a real malicious DOCX exploiting CVE-2017-0199. The lab includes sandbox execution, network forensics, IOC extraction, MITRE ATT&CK mapping, dropped files review, and detection rules. Evidence screenshots are included inside the evidence folder for professional documentation.	https://github.com/BlueShield-CyberDefense/Phishing-Analysis	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-0199

请登录查看更多情报信息。

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199x_refsource_CONFIRM
https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/x_refsource_MISC
http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.htmlx_refsource_MISC
https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02x_refsource_MISC
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.htmlx_refsource_MISC
https://www.exploit-db.com/exploits/41934/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/41894/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/42995/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/97498vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038224vdb-entryx_refsource_SECTRACK
https://nvd.nist.gov/vuln/detail/CVE-2017-0199

Same Patch Batch · Microsoft Corporation · 2017-04-12 · 42 CVEs total

CVE-2017-0197		Microsoft Office 安全漏洞
CVE-2017-0183		Microsoft Windows Hyper-V 安全漏洞
CVE-2017-0184		Microsoft Windows Hyper-V 安全漏洞
CVE-2017-0185		Microsoft Windows Hyper-V 安全漏洞
CVE-2017-0186		Microsoft Windows Hyper-V 安全漏洞
CVE-2017-0188		Microsoft Win32k 信息泄露漏洞
CVE-2017-0189		Microsoft Win32k 权限许可和访问控制问题漏洞
CVE-2017-0191		Microsoft Windows 安全漏洞
CVE-2017-0192		Microsoft Windows 信息泄露漏洞
CVE-2017-0194		Microsoft Office 信息泄露漏洞
CVE-2017-0195		Microsoft Office 安全漏洞
CVE-2017-0182		Microsoft Windows Hyper-V 安全漏洞
CVE-2017-0200		Microsoft Edge 安全漏洞
CVE-2017-0201		Microsoft Internet Explorer JScript和VBScript 安全漏洞
CVE-2017-0202		Microsoft Internet Explorer 安全漏洞
CVE-2017-0204		Microsoft Office 安全漏洞
CVE-2017-0205		Microsoft Edge 安全漏洞
CVE-2017-0207		Microsoft Outlook for Mac 安全漏洞
CVE-2017-0208		Microsoft Edge 信息泄露漏洞
CVE-2017-0210		Microsoft Internet Explorer 权限许可和访问控制问题漏洞

Showing top 20 of 42 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: Microsoft Corporation

V. Comments for CVE-2017-0199

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2017-0199

I. Basic Information for CVE-2017-0199

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2017-0199

III. Intelligence Information for CVE-2017-0199

Same Patch Batch · Microsoft Corporation · 2017-04-12 · 42 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2017-0199

Leave a comment