Home

CVE-2017-11854

Description

Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka Microsoft Word Memory Corruption Vulnerability.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
18.88

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB4011265)Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2010 (KB4011268) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2010 (KB4011268) 32-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office Word 2007 (KB4011266)Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Word 2010 (KB4011270) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Word 2010 (KB4011270) 32-Bit EditionWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-23480Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011265)
PATCH-23467Security Update for Microsoft Office 2010 (KB4011268) 64-Bit Edition
PATCH-23466Security Update for Microsoft Office 2010 (KB4011268) 32-Bit Edition
PATCH-23474Security Update for Microsoft Office Word 2007 (KB4011266)
PATCH-23464Security Update for Microsoft Word 2010 (KB4011270) 32-Bit Edition

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234