Vulnerability Description
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Excel | 2007 |
| Microsoft | Excel Viewer | 2007 |
| Microsoft | Office Compatibility Pack | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101756Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039783Issue TrackingThird Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1187Issue TrackingPatchVendor Advisory
- http://www.securityfocus.com/bid/101756Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039783Issue TrackingThird Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1187Issue TrackingPatchVendor Advisory
FAQ
What is CVE-2017-11878?
CVE-2017-11878 is a vulnerability with a CVSS score of 7.8 (HIGH). Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibil...
How severe is CVE-2017-11878?
CVE-2017-11878 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11878?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Excel, Microsoft Excel Viewer, Microsoft Office Compatibility Pack.