CyberSec.Space Logo
Back to CVE Browser

CVE-2017-11882

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score36.7520%
EPSS Percentile88.57th
PublishedNov 15, 2017
Last ModifiedApr 22, 2026

Vulnerability Description

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Office

= 2007
πŸ“¦
Microsoft

Office

= 2010
πŸ“¦
Microsoft

Office

= 2013
πŸ“¦
Microsoft

Office

= 2016

References & Advisories

πŸ”— http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882
πŸ”— http://www.securityfocus.com/bid/101757
πŸ”— http://www.securitytracker.com/id/1039783
πŸ”— https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
πŸ”— https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html
πŸ”— https://github.com/0x09AL/CVE-2017-11882-metasploit
πŸ”— https://github.com/embedi/CVE-2017-11882
πŸ”— https://github.com/rxwx/CVE-2017-11882

Related Vulnerabilities

CVE-2001-122310.0

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers...

CVE-2001-126010.0

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator pri...

CVE-2000-085410.0

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.d...

CVE-2007-111710.0

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspeci...

CVE-2017-11882 Detail & Impact Analysis | CVSS 7.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space