Microsoft Office Remote Code Execution Vulnerability for Microsoft Web Applications (KB4011194)
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
90.484%
CVE Information
Patch Details
Patch associated with this vulnerability is supported by ManageEngine.
Patch ID
23293
Patch Description
Security Update for Microsoft Web Applications (KB4011194)
References
http://www.securityfocus.com/bid/101219
http://www.securitytracker.com/id/1039541
https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2017-11826
https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/
https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/