CVE-2017-11878
Description
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka Microsoft Excel Memory Corruption Vulnerability.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
9.662
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft Office Excel Security Feature Bypass for Microsoft Office Compatibility Pack Service Pack 3 (KB4011205) | Windows |
| Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2010 (KB4011197) 64-Bit Edition | Windows |
| Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2010 (KB4011197) 32-Bit Edition | Windows |
| Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2016 (KB4011220) 64-Bit Edition | Windows |
| Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2016 (KB4011220) 32-Bit Edition | Windows |
| Microsoft Office Excel Security Feature Bypass for Microsoft Office Excel Viewer 2007 (KB4011206) | Windows |
| Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2013 (KB4011233) 64-Bit Edition | Windows |
| Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2013 (KB4011233) 32-Bit Edition | Windows |
| Microsoft Office Excel Security Feature Bypass for Microsoft Office Excel 2007 (KB4011199) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-23481 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011205) |
| PATCH-23472 | Security Update for Microsoft Excel 2010 (KB4011197) 64-Bit Edition |
| PATCH-23471 | Security Update for Microsoft Excel 2010 (KB4011197) 32-Bit Edition |
| PATCH-23450 | Security Update for Microsoft Excel 2016 (KB4011220) 64-Bit Edition |
| PATCH-23449 | Security Update for Microsoft Excel 2016 (KB4011220) 32-Bit Edition |
| PATCH-23479 | Security Update for Microsoft Office Excel Viewer 2007 (KB4011206) |
| PATCH-23458 | Security Update for Microsoft Excel 2013 (KB4011233) 64-Bit Edition |
| PATCH-23457 | Security Update for Microsoft Excel 2013 (KB4011233) 32-Bit Edition |
| PATCH-23478 | Security Update for Microsoft Office Excel 2007 (KB4011199) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234