← Retour aux CVEs
CVE-2017-11882
HIGHCISA KEV7.8
Description
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie11/15/2017
Derniere modification4/22/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
ProduitOffice
Nom vulnerabiliteMicrosoft Office Memory Corruption Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareKnown
Produits affectes
microsoft:office
Faiblesses (CWE)
CWE-119CWE-119
References
http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882(secure@microsoft.com)
http://www.securityfocus.com/bid/101757(secure@microsoft.com)
http://www.securitytracker.com/id/1039783(secure@microsoft.com)
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html(secure@microsoft.com)
https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html(secure@microsoft.com)
https://github.com/0x09AL/CVE-2017-11882-metasploit(secure@microsoft.com)
https://github.com/embedi/CVE-2017-11882(secure@microsoft.com)
https://github.com/rxwx/CVE-2017-11882(secure@microsoft.com)
https://github.com/unamer/CVE-2017-11882(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882(secure@microsoft.com)
https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/(secure@microsoft.com)
https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/(secure@microsoft.com)
https://www.exploit-db.com/exploits/43163/(secure@microsoft.com)
https://www.kb.cert.org/vuls/id/421280(secure@microsoft.com)
http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/101757(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039783(af854a3a-2127-422b-91ae-364da2661108)
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html(af854a3a-2127-422b-91ae-364da2661108)
https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/0x09AL/CVE-2017-11882-metasploit(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/embedi/CVE-2017-11882(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rxwx/CVE-2017-11882(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/unamer/CVE-2017-11882(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882(af854a3a-2127-422b-91ae-364da2661108)
https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/(af854a3a-2127-422b-91ae-364da2661108)
https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43163/(af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/421280(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11882(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.