Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB2589382
HistoryApr 11, 2017 - 7:00 a.m.

Description of the security update for Office 2010: April 11, 2017

2017-04-1107:00:00
Microsoft
support.microsoft.com
19

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.166 Low

EPSS

Percentile

96.0%

JSON

Description of the security update for Office 2010: April 11, 2017

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0197.

Note To apply this security update, you must have the release version of Service Pack 2 for Office 2010 installed on the computer.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:
Security update deployment information: April 11, 2017

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update replacement information

This security update does not replace any previously released security update.

File hash information

Package Name Package Hash SHA 1 Package Hash SHA 2
wce2010-kb2589382-fullfile-x86-glb.exe F096754D0425F5333D6CEDE58C534A568DB77AFA 938AE9838C95014B63015B25377E4871B11B52590AA0E4AC30AFCEB74B46B179
wce2010-kb2589382-fullfile-x64-glb.exe F815FC306E469315F662039E3833B8AAC307D2B4 A39CA2881B1F13A45707882FCEB4FB305AB40E1199FE95DBDCBA98F5685FAC90

File information

The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.For all supported x86-based versions of Office 2010| File identifier| File name| File version| File size| Date| Time
—|—|—|—|—|—
onsyncpc.dll.x86| onenotesyncpc.dll| 14.0.7180.5000| 931,688| 15-Mar-2017| 01:48

For all supported x64-based versions of Office 2010File identifier File name File version File size Date Time
onsyncpc.dll.x86 onenotesyncpc.dll 14.0.7180.5000 931,688 15-Mar-2017 01:48

How to get help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Propose a feature or provide feedback on Office Core: Office User Voice portal

Related

checkpoint_advisories 1
cve 1
openvas 2
mskb 1
mscve 1
prion 1
packetstorm 1
symantec 1
kaspersky 2
nessus 1
checkpoint_advisories
checkpoint_advisories
Microsoft Office DLL Loading (CVE-2017-0197)
2017-04-11 00:00:00
cve
cve
CVE-2017-0197
2017-04-12 14:59:00
openvas
openvas
Microsoft OneNote DLL Loading RCE Vulnerability (KB2589382)
2017-04-13 00:00:00
Microsoft OneNote DLL Loading RCE Vulnerability (KB3191829)
2017-04-12 00:00:00
mskb
mskb
Description of the security update for OneNote 2007: April 11, 2017
2017-04-11 07:00:00
mscve
mscve
Microsoft OneNote Remote Code Execution Vulnerability
2017-04-11 07:00:00
prion
prion
Code injection
2017-04-12 14:59:00
packetstorm
packetstorm
Microsoft Office OneNote 2007 DLL Hijacking
2017-04-11 00:00:00
symantec
symantec
Microsoft Office CVE-2017-0197 DLL Loading Remote Code Execution Vulnerability
2017-04-11 00:00:00
kaspersky
kaspersky
KLA11024 Defense-in-Depth Update for Microsoft Office
2017-04-11 00:00:00
KLA10995 Multiple arbitrary code execution vulnerabilities in Microsoft office
2016-09-09 00:00:00
nessus
nessus
Security Update for Microsoft Office Products (April 2017) (Petya)
2017-04-12 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.166 Low

EPSS

Percentile

96.0%

JSON
Related for KB2589382
checkpoint_advisories1cve1openvas2mskb1mscve1prion1packetstorm1symantec1kaspersky2nessus1