CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-11826

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score55.9480%
EPSS Percentile92.12th
Published2017年10月13日
Last Modified2026年4月22日

Vulnerability Description

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.

Affected Platforms (CPE)

📦
Microsoft

Office Compatibility Pack

All versions
📦
Microsoft

Office Online Server

= 2016
📦
Microsoft

Office Web Apps Server

= 2010
📦
Microsoft

Office Web Apps Server

= 2013
📦
Microsoft

Office Word Viewer

All versions
📦
Microsoft

Sharepoint Enterprise Server

= 2016
📦
Microsoft

Sharepoint Server

= 2010
📦
Microsoft

Sharepoint Server

= 2013
📦
Microsoft

Word

= 2007
📦
Microsoft

Word

= 2010
📦
Microsoft

Word

= 2013
📦
Microsoft

Word

= 2013
📦
Microsoft

Word

= 2016

References & Advisories

🔗 http://www.securityfocus.com/bid/101219
🔗 http://www.securitytracker.com/id/1039541
🔗 https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826
🔗 https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/
🔗 https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/
🔗 http://www.securityfocus.com/bid/101219
🔗 http://www.securitytracker.com/id/1039541

関連する脆弱性情報

CVE-2008-40269.3

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pac...

CVE-2008-40279.3

Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1;...

CVE-2008-40289.3

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP...

CVE-2008-40259.3

Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Vie...