Home

CVE-2017-11882

Description

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka Microsoft Office Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-11884.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
94.384

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2013 (KB3162047) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2013 (KB3162047) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2007 suites (KB4011604)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2016 (KB4011262) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2016 (KB4011262) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2010 (KB4011618) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2010 (KB4011618) 32-Bit EditionWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-23460Security Update for Microsoft Office 2013 (KB3162047) 64-Bit Edition
PATCH-23459Security Update for Microsoft Office 2013 (KB3162047) 32-Bit Edition
PATCH-23487Security Update for Microsoft Office 2007 suites (KB4011604)
PATCH-23452Security Update for Microsoft Office 2016 (KB4011262) 64-Bit Edition
PATCH-23451Security Update for Microsoft Office 2016 (KB4011262) 32-Bit Edition
PATCH-23489Security Update for Microsoft Office 2010 (KB4011618) 64-Bit Edition
PATCH-23488Security Update for Microsoft Office 2010 (KB4011618) 32-Bit Edition

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234