CVE-2017-11826 — HIGH (7.8)

Vulnerability Description

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Office Compatibility Pack	-
Microsoft	Office Online Server	2016
Microsoft	Office Web Apps Server	2010
Microsoft	Office Word Viewer	-
Microsoft	Sharepoint Enterprise Server	2016
Microsoft	Sharepoint Server	2010
Microsoft	Word	2007

Related Weaknesses (CWE)

CWE-119

References

http://www.securityfocus.com/bid/101219Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039541Broken LinkThird Party AdvisoryVDB Entry
https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.htmlExploit
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1182PatchVendor Advisory
https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-Broken LinkTechnical DescriptionThird Party Advisory
https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/ExploitThird Party Advisory
http://www.securityfocus.com/bid/101219Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039541Broken LinkThird Party AdvisoryVDB Entry
https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.htmlExploit
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1182PatchVendor Advisory
https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-Broken LinkTechnical DescriptionThird Party Advisory
https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/ExploitThird Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-US Government Resource

FAQ

What is CVE-2017-11826?

CVE-2017-11826 is a vulnerability with a CVSS score of 7.8 (HIGH). Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation S...

How severe is CVE-2017-11826?

CVE-2017-11826 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-11826?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office Compatibility Pack, Microsoft Office Online Server, Microsoft Office Web Apps Server, Microsoft Office Word Viewer, Microsoft Sharepoint Enterprise Server.