CVE-2017-11854

CWE-119Buffer Overflow5 documents5 sources
Severity
8.8HIGH
EPSS
18.9%
top 4.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Corporation Microsoft OfficeMicrosoft OfficeMicrosoft Word
Timeline
PublishedNov 15
Latest updateMay 17

Description

Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDmicrosoft/word2007, 2010+1
CVEListV5microsoft_corporation/microsoft_officeMicrosoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-rqpf-p3qj-hp4w: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack2022-05-17
CVEList
CVE-2017-11854: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack2017-11-15

💥Exploits & PoCs

1
Nuclei
Micro Focus UCMDB - Remote Code Execution

📋Vendor Advisories

1
Microsoft
Microsoft Office Remote Code Execution Vulnerability2017-11-14
CVE-2017-11854 (HIGH CVSS 8.8) | Microsoft Word 2007 Service Pack 3 | cvebase.io