Microsoft Office CVE-2017-11826 Memory Corruption Vulnerability



Microsoft Office is prone to a memory-corruption vulnerability.

An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.

Information

Bugtraq ID: 101219
Class: Design Error
CVE: CVE-2017-11826

Remote: Yes
Local: No
Published: Oct 10 2017 12:00AM
Updated: Oct 10 2017 12:00AM
Credit: Yang Kang, Ding Maoyin and Song Shenlei of Qihoo 360 Core Security (@360CoreSec)
Vulnerable: Microsoft Word Automation Services 0
Microsoft Word 2016 (64-bit edition) 0
Microsoft Word 2016 (32-bit edition) 0
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 RT Service Pack 1 0
Microsoft Word 2010 Service Pack 2 (64-bit editions) 0
Microsoft Word 2010 Service Pack 2 (32-bit editions) 0
Microsoft Word 2007 SP3
Microsoft SharePoint Enterprise Server 2016 0
Microsoft Office Word Viewer 0
Microsoft Office Web Apps Server 2013 SP1
Microsoft Office Web Apps Server 2010 Service Pack 2
Microsoft Office Online Server 2016 0
Microsoft Office Compatibility Pack SP3


Not Vulnerable:

Exploit


Reports indicate that this issue is being exploited in the wild.


Related Posts