CVE-2017-11934
Published 2017-12-12
Priority: P428 | medium | 5.5 (CVSS 3.0)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 12.59% (95.7th percentile)
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft_corporation | microsoft_office | — | — |
| msrc | microsoft_office_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_office_2013_service_pack_1 | — | — |
| msrc | microsoft_office_2016 | — | — |
| msrc | microsoft_office_2016_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_office_2016_for_mac | — | — |
CVSS provenance
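| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_msrc | — | 5.5 | HIGH | — |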
GHSA
GHSA-ccqr-855x-jj26: Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certai
ghsa_unreviewed·2022-05-14
CVE-2017-11934 [MEDIUM] CWE-200 GHSA-ccqr-855x-jj26: Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certai
Microsoft
Microsoft Office Information Disclosure Vulnerability
vendor_msrc·2017-12-12·CVSS 5.5
CVE-2017-11934 [MEDIUM] Microsoft Office Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created.
The update addresses the vulnerability by changing the way certain functions handle objects in memory.
Microsoft Office: Microsoft Office
Microsoft: Microsoft
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Soft
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/102064
http://www.securitytracker.com/id/1039998
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11934
2017-12-12
Published