CVE-2017-11882

Confirmed PUBLISHED

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow...

Microsoft Corporation · Microsoft Office
Exploited in the wild Used in malware PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High EPSS 99.9%

At a Glance

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

cisa microsoft malware ransomware metasploit
CVE Published
Nov 15, 2017
Exploitation Reported
Nov 03, 2021
CVSS
7.8 High
EPSS
99.9%
Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
Microsoft Corporation
Microsoft Office

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016

Affected

CVE References

  • VU#421280 kb.cert.org · Third-Party Advisory https://www.kb.cert.org/vuls/id/421280
  • 43163 exploit-db.com · Exploit https://www.exploit-db.com/exploits/43163/
  • 101757 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/101757
  • 1039783 securitytracker.com · VDB Entry http://www.securitytracker.com/id/1039783
  • GitHub — embedi/CVE-2017-11882 github.com · CVE Record https://github.com/embedi/CVE-2017-11882
Show 9 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.