Vulnerability Name: | CVE-2017-11884 (CCN-134552) | ||||||||||||
Assigned: | 2017-11-14 | ||||||||||||
Published: | 2017-11-14 | ||||||||||||
Updated: | 2018-03-16 | ||||||||||||
Summary: | Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882. | ||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-119 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2017-11884 Source: BID Type: Third Party Advisory, VDB Entry 101766 Source: CCN Type: BID-101766 Microsoft Office CVE-2017-11884 Memory Corruption Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1039783 Source: XF Type: UNKNOWN ms-excel-cve201711884-code-exec(134552) Source: CCN Type: Microsoft Security TechCenter - November 2017 Microsoft Office Memory Corruption Vulnerability Source: CONFIRM Type: Patch, Vendor Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11884 Source: CCN Type: ZDI-17-929 Microsoft Office Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |