Home

CVE-2017-11825

Description

Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka Microsoft Office Remote Code Execution Vulnerability.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
32.412

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office Word 2007 (KB3213648)Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Word 2013 (KB4011232) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Word 2013 (KB4011232) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2010 (KB3213627) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2010 (KB3213627) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Word 2010 (KB3213630) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Word 2010 (KB3213630) 32-Bit EditionWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-23341Security Update for Microsoft Office Word 2007 (KB3213648)
PATCH-23340Security Update for Microsoft Word 2013 (KB4011232) 64-Bit Edition
PATCH-23339Security Update for Microsoft Word 2013 (KB4011232) 32-Bit Edition
PATCH-23345Security Update for Microsoft Office 2010 (KB3213627) 64-Bit Edition
PATCH-23344Security Update for Microsoft Office 2010 (KB3213627) 32-Bit Edition
PATCH-23347Security Update for Microsoft Word 2010 (KB3213630) 32-Bit Edition

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234