Back to KEVs

CVE-2017-11882

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow...

Basic Information

CVE State: PUBLISHED
Reserved Date: July 31, 2017
Published Date: November 15, 2017
Last Updated: February 10, 2025
Vendor: Microsoft Corporation
Product: Microsoft Office
Description: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

CVSS Scores

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2021-11-03 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2024-12-26 06:23:27 UTC) Source
Used in Malware: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://github.com/embedi/CVE-2017-11882 https://github.com/unamer/CVE-2017-11882 http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 https://github.com/rxwx/CVE-2017-11882 http://www.securityfocus.com/bid/101757 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882 https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ http://www.securitytracker.com/id/1039783 https://www.kb.cert.org/vuls/id/421280 https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html https://github.com/0x09AL/CVE-2017-11882-metasploit https://www.exploit-db.com/exploits/43163/ https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/office_ms17_11882.rb	2025-04-29 11:01:35 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

office_ms17_11882

Type: metasploit • Created: Unknown

Metasploit module for CVE-2017-11882

xdrake1010/CVE-2017-11882-Preventer

Type: github • Created: 2025-03-11 16:47:04 UTC • Stars: 0

CVE-2017-11882 Preventer for .docx files

yaseenibnakhtar/001-Malware-Analysis-CVE-2017-11882

Type: github • Created: 2024-12-26 06:23:27 UTC • Stars: 0

Malware Analysis CVE-2017-11882

n18dcat053-luuvannga/DetectPacket-CVE-2017-11882

Type: github • Created: 2023-05-15 08:47:31 UTC • Stars: 0

Sunqiz/CVE-2017-11882-reproduction

Type: github • Created: 2022-08-15 07:09:23 UTC • Stars: 1

CVE-2017-11882复现

tzwlhack/CVE-2017-11882

Type: github • Created: 2022-03-18 05:38:39 UTC • Stars: 1

lisinan988/CVE-2017-11882-exp

Type: github • Created: 2021-11-25 05:03:46 UTC • Stars: 0

ActorExpose/CVE-2017-11882

Type: github • Created: 2020-12-03 15:00:27 UTC • Stars: 0

HaoJame/CVE-2017-11882

Type: github • Created: 2020-11-10 04:13:53 UTC • Stars: 0

ekgg/Overflow-Demo-CVE-2017-11882

Type: github • Created: 2020-01-08 16:27:18 UTC • Stars: 2

Simple Overflow demo, like CVE-2017-11882 exp

littlebin404/CVE-2017-11882

Type: github • Created: 2019-08-14 11:55:00 UTC • Stars: 4

CVE-2017-11882（通杀Office 2003到2016）

chanbin/CVE-2017-11882

Type: github • Created: 2018-12-10 11:15:15 UTC • Stars: 0

Microsoft Equation 3.0/Convert python2 to python3

j0lama/CVE-2017-11882

Type: github • Created: 2018-10-23 07:44:39 UTC • Stars: 0

ChaitanyaHaritash/CVE-2017-11882

Type: github • Created: 2018-05-04 17:50:57 UTC • Stars: 2

Empire Port of CVE-2017-11882

herbiezimmerman/CVE-2017-11882-Possible-Remcos-Malspam

Type: github • Created: 2018-04-23 03:07:25 UTC • Stars: 0

likekabin/CVE-2018-0802_CVE-2017-11882

Type: github • Created: 2018-01-16 05:49:01 UTC • Stars: 11

likekabin/CVE-2017-11882

Type: github • Created: 2018-01-16 05:47:47 UTC • Stars: 0

Shadowshusky/CVE-2017-11882-

Type: github • Created: 2017-11-27 01:50:44 UTC • Stars: 2

Grey-Li/CVE-2017-11882

Type: github • Created: 2017-11-22 04:53:44 UTC • Stars: 0

starnightcyber/CVE-2017-11882

Type: github • Created: 2017-11-22 01:11:39 UTC • Stars: 43

CVE-2017-11882 exploitation

0x09AL/CVE-2017-11882-metasploit

Type: github • Created: 2017-11-21 18:17:28 UTC • Stars: 99

This is a Metasploit module which exploits CVE-2017-11882 using the POC released here : https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about.

rip1s/CVE-2017-11882

Type: github • Created: 2017-11-21 15:22:41 UTC • Stars: 329

CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.

Ridter/CVE-2017-11882

Type: github • Created: 2017-11-21 05:55:53 UTC • Stars: 541

CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882

embedi/CVE-2017-11882

Type: github • Created: 2017-11-20 16:35:30 UTC • Stars: 495

Proof-of-Concept exploits for CVE-2017-11882