{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T19:03:39.064","vulnerabilities":[{"cve":{"id":"CVE-2017-2790","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-24T22:59:00.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application."},{"lang":"es","value":"Cuando se procesa un tipo de registro de 0x3c flujo Workbookdesde un archivo Excel (.xls), JustSystems Ichitaro Office confía que el tamaño es mayor que cero, substrae uno de la longitud, y utiliza este resultado como el tamaño de una memcpy. Esto resulta en un desbordamiento de búfer basado en memoria dinámica y puede conducir a ejecución de código bajo el contexto de la aplicación."}],"metrics":{"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:justsystems:ichitaro:*:*:*:*:*:*:*:*","matchCriteriaId":"869571E4-7544-48EE-9839-927A3F6315E2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96442","source":"talos-cna@cisco.com"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0197/","source":"talos-cna@cisco.com"},{"url":"http://www.securityfocus.com/bid/96442","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0197/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}