Vulnerability Description
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2010 |
| Microsoft | Office Compatibility Pack | - |
| Microsoft | Word | 2007 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101746Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039795Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1185PatchVendor Advisory
- http://www.securityfocus.com/bid/101746Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039795Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1185PatchVendor Advisory
FAQ
What is CVE-2017-11854?
CVE-2017-11854 is a vulnerability with a CVSS score of 8.8 (HIGH). Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary ...
How severe is CVE-2017-11854?
CVE-2017-11854 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11854?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Office Compatibility Pack, Microsoft Word.