CVE-2017-11939
published 2017-12-12
CVE-2017-11939: Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions…
Priority P4 · 34 · medium · 6.5 CVSS 3.0
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 6.28% (92.7th percentile)
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft_corporation | microsoft_office | — | — |
| msrc | microsoft_office_2016_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_64-bit_editions | — | — |
CVSS provenance
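| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_msrc | — | 6.5 | HIGH | — |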
GHSA
GHSA-r4cm-gxv3-c6qg: Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permis
ghsa_unreviewed·2022-05-14
CVE-2017-11939 [MEDIUM] CWE-200 GHSA-r4cm-gxv3-c6qg: Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permis
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
Microsoft
Microsoft Office Information Disclosure Vulnerability
vendor_msrc·2017-12-12·CVSS 6.5
CVE-2017-11939 [MEDIUM] Microsoft Office Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Outlook fails to enforce copy/paste permissions on DRM-protected emails. An attacker who successfully exploited the vulnerability could potentially extract plaintext content from DRM-protected draft emails.
The attacker would have to use another vulnerability to gain access to the victim's Drafts folder, either locally on the victim's system or remotely via MAPI.
The security update addresses the vulnerability by correcting how Microsoft Outlook enforces DRM copy/paste permissions.
Microsoft Office: Microsoft Office
Microsoft: Microsoft
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/102105
http://www.securitytracker.com/id/1039994
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939