CVE-2017-11934

CWE-200 — Information Exposure4 documents4 sources

Severity

5.5MEDIUM

EPSS

23.5%

top 4.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Office

Timeline

PublishedDec 12

Latest updateMay 14

Description

Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/office2013, 2016+1

▶CVEListV5microsoft_corporation/microsoft_officeMicrosoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-ccqr-855x-jj26: Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certai↗2022-05-14

▶

CVEList

CVE-2017-11934: Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certai↗2017-12-12

▶

📋Vendor Advisories

Microsoft

Microsoft Office Information Disclosure Vulnerability↗2017-12-12

▶