⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-03.

CVE-2017-11882

CWE-119Buffer Overflow48 documents19 sources
Severity
7.8HIGH
EPSS
94.4%
top 0.03%
CISA KEV
KEVRansomware
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Microsoft Corporation Microsoft OfficeMicrosoft Office
Timeline
PublishedNov 15
KEV addedNov 3
KEV dueMay 3
Latest updateJan 14
CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDmicrosoft/office4 versions+3
CVEListV5microsoft_corporation/microsoft_officeMicrosoft Excel 2016 Click-to-Run (C2R), Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016+1

Patches

Patch: 0patch.blogspot.comPatch: portal.msrc.microsoft.comPatch: 0patch.blogspot.com

🔴Vulnerability Details

3
GHSA
GHSA-vjph-m3mp-rqj5: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an a2022-05-13
CVEList
CVE-2017-11882: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an a2017-11-15
VulnCheck
Microsoft Office Memory Corruption Vulnerability2017

💥Exploits & PoCs

2
Exploit-DB
Microsoft Office - OLE Remote Code Execution2017-11-20
Metasploit
Microsoft Office CVE-2017-11882

🔍Detection Rules

1
YARA
potential_CVE_2017_11882

📋Vendor Advisories

2
CISA
Microsoft Office Memory Corruption Vulnerability2021-11-03
Microsoft
Microsoft Office Memory Corruption Vulnerability2017-11-14

🕵️Threat Intelligence

34
Fortinet
New Remcos Campaign Distributed Through Fake Shipping Document | FortiGuard Labs2026-01-14
Fortinet
New Remcos Campaign Distributed Through Fake Shipping Document | FortiGuard Labs2026-01-14
Fortinet
Infostealer Malware FormBook Spread via Phishing Campaign – Part I | FortiGuard Labs2025-04-22
Fortinet
New Agent Tesla Campaign Targeting Spanish-Speaking People | FortiGuard Labs2024-06-07
Fortinet
Excel Document Delivers Multiple Malware by Exploiting CVE-2017-11882 – Part II | FortiGuard Labs2022-10-05

📄Research Papers

1
arXiv
Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting2021-02-10
CVE-2017-11882 (HIGH CVSS 7.8) | Microsoft Office 2007 Service Pack | cvebase.io