Home

CVE-2017-11884

Description

Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka Microsoft Office Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-11882.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
49.92

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2010 (KB4011197) 64-Bit EditionWindows
Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2010 (KB4011197) 32-Bit EditionWindows
Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2016 (KB4011220) 64-Bit EditionWindows
Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2016 (KB4011220) 32-Bit EditionWindows
Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2013 (KB4011233) 64-Bit EditionWindows
Microsoft Office Excel Security Feature Bypass for Microsoft Excel 2013 (KB4011233) 32-Bit EditionWindows
Microsoft Office Excel Security Feature Bypass for Microsoft Office Excel 2007 (KB4011199)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-23472Security Update for Microsoft Excel 2010 (KB4011197) 64-Bit Edition
PATCH-23471Security Update for Microsoft Excel 2010 (KB4011197) 32-Bit Edition
PATCH-23450Security Update for Microsoft Excel 2016 (KB4011220) 64-Bit Edition
PATCH-23449Security Update for Microsoft Excel 2016 (KB4011220) 32-Bit Edition
PATCH-23458Security Update for Microsoft Excel 2013 (KB4011233) 64-Bit Edition
PATCH-23457Security Update for Microsoft Excel 2013 (KB4011233) 32-Bit Edition
PATCH-23478Security Update for Microsoft Office Excel 2007 (KB4011199)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234