CVE-2017-11939

CWE-200Information Exposure4 documents4 sources
Severity
6.5MEDIUM
EPSS
2.0%
top 16.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Corporation Microsoft OfficeMicrosoft Office
Timeline
PublishedDec 12
Latest updateMay 14

Description

Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5microsoft_corporation/microsoft_officeMicrosoft Office 2016 Click-to-Run (C2R)

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-r4cm-gxv3-c6qg: Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permis2022-05-14
CVEList
CVE-2017-11939: Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permis2017-12-12

📋Vendor Advisories

1
Microsoft
Microsoft Office Information Disclosure Vulnerability2017-12-12
CVE-2017-11939 (MEDIUM CVSS 6.5) | Microsoft Office 2016 Click-to-Run | cvebase.io