CVE-2017-11882
KEVMicrosoft Office Memory Corruption Vulnerability
7.8
HighPublished:
Last updated:
Source:secure@microsoft.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
Exploits
References
secure@microsoft.com
http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882secure@microsoft.com
http://www.securityfocus.com/bid/101757secure@microsoft.com
http://www.securitytracker.com/id/1039783secure@microsoft.com
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.htmlsecure@microsoft.com
https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.htmlsecure@microsoft.com
https://github.com/0x09AL/CVE-2017-11882-metasploitsecure@microsoft.com
https://github.com/embedi/CVE-2017-11882secure@microsoft.com
https://github.com/rxwx/CVE-2017-11882secure@microsoft.com
https://github.com/unamer/CVE-2017-11882secure@microsoft.com
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882secure@microsoft.com
https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/secure@microsoft.com
https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/secure@microsoft.com
https://www.exploit-db.com/exploits/43163/secure@microsoft.com
https://www.kb.cert.org/vuls/id/421280af854a3a-2127-422b-91ae-364da2661108
http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/101757af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id/1039783af854a3a-2127-422b-91ae-364da2661108
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.htmlaf854a3a-2127-422b-91ae-364da2661108
https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.htmlaf854a3a-2127-422b-91ae-364da2661108
https://github.com/0x09AL/CVE-2017-11882-metasploitaf854a3a-2127-422b-91ae-364da2661108
https://github.com/embedi/CVE-2017-11882af854a3a-2127-422b-91ae-364da2661108
https://github.com/rxwx/CVE-2017-11882af854a3a-2127-422b-91ae-364da2661108
https://github.com/unamer/CVE-2017-11882af854a3a-2127-422b-91ae-364da2661108
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882af854a3a-2127-422b-91ae-364da2661108
https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/af854a3a-2127-422b-91ae-364da2661108
https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/43163/af854a3a-2127-422b-91ae-364da2661108
https://www.kb.cert.org/vuls/id/421280134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11882