CVE-2017-11884

CWE-119 — Buffer Overflow5 documents5 sources

Severity

7.8HIGH

EPSS

49.9%

top 2.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Excel

Timeline

PublishedNov 15

Latest updateMay 14

Description

Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/excel2016

▶CVEListV5microsoft_corporation/microsoft_officeMicrosoft Excel 2016 Click-to-Run (C2R)

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-cf25-5rjj-26cw: Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle obje↗2022-05-14

▶

CVEList

CVE-2017-11884: Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle obje↗2017-11-15

▶

VulnCheck

Microsoft Excel Improper Restriction of Operations within the Bounds of a Memory Buffer↗2017

▶

📋Vendor Advisories

Microsoft

Microsoft Excel Remote Code Execution Vulnerability↗2017-11-14

▶