Vulnerability Description
Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2016 |
| Microsoft | Office For Mac | 2016 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101124Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039539Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1182PatchVendor Advisory
- http://www.securityfocus.com/bid/101124Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039539Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1182PatchVendor Advisory
FAQ
What is CVE-2017-11825?
CVE-2017-11825 is a vulnerability with a CVSS score of 7.8 (HIGH). Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how ...
How severe is CVE-2017-11825?
CVE-2017-11825 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11825?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Office For Mac.