Lucene search

[email protected]CVE-2017-11826

HistoryOct 13, 2017 - 1:29 p.m.

CVE-2017-11826

2017-10-1313:29:02

CWE-119

[email protected]

web.nvd.nist.gov

877

In Wild

microsoft office

sharepoint

remote code execution

cve-2017-11826

nvd

memory handling

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.949 High

EPSS

Percentile

99.3%

JSON

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.

Affected configurations

Vulners

NVD

Node

microsoft_corporationmicrosoft_office

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2010
microsoft:office_online_servermicrosoft office online servereq*
microsoft:office_web_appsmicrosoft office web appseq*
microsoft:office_web_appsmicrosoft office web appseq2010
microsoft:office_web_appsmicrosoft office web appseq2013
microsoft:sharepoint_enterprise_servermicrosoft sharepoint enterprise servereq2010
microsoft:sharepoint_servermicrosoft sharepoint servereq2010
microsoft:web_applicationsmicrosoft web applicationseq*
microsoft:wordmicrosoft wordeq2007
microsoft:wordmicrosoft wordeq2010

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2010
microsoft:office_online_server	microsoft office online server	eq	*
microsoft:office_web_apps	microsoft office web apps	eq	*
microsoft:office_web_apps	microsoft office web apps	eq	2010
microsoft:office_web_apps	microsoft office web apps	eq	2013
microsoft:sharepoint_enterprise_server	microsoft sharepoint enterprise server	eq	2010
microsoft:sharepoint_server	microsoft sharepoint server	eq	2010
microsoft:web_applications	microsoft web applications	eq	*
microsoft:word	microsoft word	eq	2007
microsoft:word	microsoft word	eq	2010

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "product": "Microsoft Office",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server."
      }
    ]
  }
]