Back to KEVs

CVE-2017-11882

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow...

Basic Information

CVE State
PUBLISHED
Reserved Date
July 31, 2017
Published Date
November 15, 2017
Last Updated
February 10, 2025
Vendor
Microsoft
Product
Microsoft Office
Description
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
Tags
cisa malware ransomware microsoft metasploit_scanner

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2021-11-03 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2024-12-26 06:23:27 UTC) Source
Used in Malware
Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://github.com/embedi/CVE-2017-11882 https://github.com/unamer/CVE-2017-11882 http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 https://github.com/rxwx/CVE-2017-11882 http://www.securityfocus.com/bid/101757 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882 https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ http://www.securitytracker.com/id/1039783 https://www.kb.cert.org/vuls/id/421280 https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html https://github.com/0x09AL/CVE-2017-11882-metasploit https://www.exploit-db.com/exploits/43163/ https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/office_ms17_11882.rb 2025-04-29 11:01:35 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

office_ms17_11882

Type: metasploit • Created: Unknown

Metasploit module for CVE-2017-11882

xdrake1010/CVE-2017-11882-Preventer

Type: github • Created: 2025-03-11 16:47:04 UTC • Stars: 0

CVE-2017-11882 Preventer for .docx files

yaseenibnakhtar/001-Malware-Analysis-CVE-2017-11882

Type: github • Created: 2024-12-26 06:23:27 UTC • Stars: 0

Malware Analysis CVE-2017-11882

n18dcat053-luuvannga/DetectPacket-CVE-2017-11882

Type: github • Created: 2023-05-15 08:47:31 UTC • Stars: 0

Sunqiz/CVE-2017-11882-reproduction

Type: github • Created: 2022-08-15 07:09:23 UTC • Stars: 1

CVE-2017-11882复现

tzwlhack/CVE-2017-11882

Type: github • Created: 2022-03-18 05:38:39 UTC • Stars: 1

lisinan988/CVE-2017-11882-exp

Type: github • Created: 2021-11-25 05:03:46 UTC • Stars: 0

ActorExpose/CVE-2017-11882

Type: github • Created: 2020-12-03 15:00:27 UTC • Stars: 0

HaoJame/CVE-2017-11882

Type: github • Created: 2020-11-10 04:13:53 UTC • Stars: 0

ekgg/Overflow-Demo-CVE-2017-11882

Type: github • Created: 2020-01-08 16:27:18 UTC • Stars: 2

Simple Overflow demo, like CVE-2017-11882 exp

littlebin404/CVE-2017-11882

Type: github • Created: 2019-08-14 11:55:00 UTC • Stars: 4

CVE-2017-11882(通杀Office 2003到2016)

chanbin/CVE-2017-11882

Type: github • Created: 2018-12-10 11:15:15 UTC • Stars: 0

Microsoft Equation 3.0/Convert python2 to python3

j0lama/CVE-2017-11882

Type: github • Created: 2018-10-23 07:44:39 UTC • Stars: 0

ChaitanyaHaritash/CVE-2017-11882

Type: github • Created: 2018-05-04 17:50:57 UTC • Stars: 2

Empire Port of CVE-2017-11882

herbiezimmerman/CVE-2017-11882-Possible-Remcos-Malspam

Type: github • Created: 2018-04-23 03:07:25 UTC • Stars: 0

likekabin/CVE-2018-0802_CVE-2017-11882

Type: github • Created: 2018-01-16 05:49:01 UTC • Stars: 11

likekabin/CVE-2017-11882

Type: github • Created: 2018-01-16 05:47:47 UTC • Stars: 0

Shadowshusky/CVE-2017-11882-

Type: github • Created: 2017-11-27 01:50:44 UTC • Stars: 2

Grey-Li/CVE-2017-11882

Type: github • Created: 2017-11-22 04:53:44 UTC • Stars: 0

starnightcyber/CVE-2017-11882

Type: github • Created: 2017-11-22 01:11:39 UTC • Stars: 43

CVE-2017-11882 exploitation

0x09AL/CVE-2017-11882-metasploit

Type: github • Created: 2017-11-21 18:17:28 UTC • Stars: 99

This is a Metasploit module which exploits CVE-2017-11882 using the POC released here : https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about.

rip1s/CVE-2017-11882

Type: github • Created: 2017-11-21 15:22:41 UTC • Stars: 329

CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.

Ridter/CVE-2017-11882

Type: github • Created: 2017-11-21 05:55:53 UTC • Stars: 541

CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882

embedi/CVE-2017-11882

Type: github • Created: 2017-11-20 16:35:30 UTC • Stars: 495

Proof-of-Concept exploits for CVE-2017-11882

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Exploit Used in Malware

  • Added to KEVIntel

  • Proof of Concept Exploit Available

  • Detected by Metasploit