CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-11882

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score36.7520%
EPSS Percentile88.57th
Published2017年11月15日
Last Modified2026年4月22日

Vulnerability Description

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

Affected Platforms (CPE)

📦
Microsoft

Office

= 2007
📦
Microsoft

Office

= 2010
📦
Microsoft

Office

= 2013
📦
Microsoft

Office

= 2016

References & Advisories

🔗 http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882
🔗 http://www.securityfocus.com/bid/101757
🔗 http://www.securitytracker.com/id/1039783
🔗 https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
🔗 https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html
🔗 https://github.com/0x09AL/CVE-2017-11882-metasploit
🔗 https://github.com/embedi/CVE-2017-11882
🔗 https://github.com/rxwx/CVE-2017-11882

関連する脆弱性情報

CVE-2001-122310.0

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers...

CVE-2001-126010.0

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator pri...

CVE-2000-085410.0

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.d...

CVE-2007-111710.0

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspeci...