Memory Corruption Vulnerability in Microsoft Office Products
CVE-2017-11882
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 15 November 2017
Badges
What is CVE-2017-11882?
This vulnerability in Microsoft Office products allows an attacker to execute arbitrary code by exploiting improper handling of objects in memory. By leveraging this flaw, attackers can manipulate the application to run malicious code within the context of the current user. It highlights the importance of timely updates and patches to mitigate risks in organizational environments.
CISA has reported CVE-2017-11882
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2017-11882 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply updates per vendor instructions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Microsoft Office Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- π°
Used in Ransomware
- πΎ
Exploit known to exist
- π¦
CISA Reported
Vulnerability published
Vulnerability Reserved