# CVE-2017-0199

> Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."

- **CVSS:** 7.8 (HIGH)
- **EPSS:** 94.3%
- **CISA KEV:** yes (known ransomware use)
- **CWE:** NVD-CWE-noinfo

Canonical: https://intel.threadlinqs.com/cve/CVE-2017-0199
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp