Russian Vulnerability Scanner Database

Back to List

CVE-2017-11882

Scores

EPSS Score

0.9438

CVSS

3.x 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0
9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

Sources

msrcnvd

CWEs

CWE-119

Related Vulnerabilities

BDU:2018-00096

Exploits

Exploit ID: 43163

Source: exploitdb

URL: https://www.exploit-db.com/exploits/43163

Exploit ID: CVE-2017-11882

Source: github-poc

URL: https://github.com/xdrake1010/CVE-2017-11882-Preventer

Reference Links

http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882
http://www.securityfocus.com/bid/101757
http://www.securitytracker.com/id/1039783
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html
https://github.com/0x09AL/CVE-2017-11882-metasploit
https://github.com/embedi/CVE-2017-11882
https://github.com/rxwx/CVE-2017-11882
https://github.com/unamer/CVE-2017-11882
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882
https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/
https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/
https://www.exploit-db.com/exploits/43163/
https://www.kb.cert.org/vuls/id/421280

Vulnerable Software

Type: Configuration

Vendor: microsoft

Product: office

Operating System: * * *

Trait: 
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB3162047

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB4011580

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB4011618

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB4011610

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB4011604

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB4011656

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB4011262

Source: msrc

Type: Windows KB

Vendor: Microsoft

Product: Windows

Operating System: Windows

Identifier: KB4011574

Source: msrc