CVE-2017-11826

Scores

EPSS

0.908high90.8%

0%20%40%60%80%100%

Percentile: 90.8%

CVSS

7.8high3.x

0246810

CVSS Score: 7.8/10

All CVSS Scores

CVSS 3.x

7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

msrcnvd

CWEs

CWE-119

Related Vulnerabilities

BDU:2017-02274

Exploits

Exploit ID: CVE-2017-11826

Source: github-poc

URL: https://github.com/thatskriptkid/CVE-2017-11826

Vulnerable Software (113)

Type: Configuration

Vendor: *

Product: office_compatibility_pack

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: office_online_server

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: office_web_apps_server

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: office_word_viewer

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: sharepoint_enterprise_server

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: sharepoint_server

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: word

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB4011659

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB4011194

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB4461611

Source: msrc

Russian Vulnerability Scanner Database

CVE-2017-11826

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (113)