The vulnerabilities of Microsoft Excel editors, Microsoft Excel Viewer for electronic spreadsheet viewing, and the Microsoft Office Compatibility Pack are caused by an operation that goes beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

🗓️ 18 Jan 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Flaws in Excel editors, Viewer, and Office Compatibility Pack allow code execution due to improper memory handling.

Reporter	Title	Published	Views	Family All 30
ATTACKERKB	CVE-2017-11878	15 Nov 201703:29	–	attackerkb
CNVD	Microsoft Office Remote Code Execution Vulnerability (CNVD-2017-37107)	16 Nov 201700:00	–	cnvd
Check Point Advisories	Microsoft Excel Memory Corruption (CVE-2017-11878)	14 Nov 201700:00	–	checkpoint_advisories
CVE	CVE-2017-11878	15 Nov 201703:00	–	cve
Cvelist	CVE-2017-11878	15 Nov 201703:00	–	cvelist
Microsoft KB	Description of the security update for Excel 2010: November 14, 2017	14 Nov 201708:00	–	mskb
Microsoft KB	Description of the security update for Excel 2007: November 14, 2017	14 Nov 201708:00	–	mskb
Microsoft KB	Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: November 14, 2017	14 Nov 201708:00	–	mskb
Microsoft KB	Security update 2017-11-14	14 Nov 201708:00	–	mskb
Microsoft KB	Description of the security update for Excel 2016: November 14, 2017	14 Nov 201708:00	–	mskb

Source	Link
securityfocus	www.securityfocus.com/bid/101756
securitytracker	www.securitytracker.com/id/1039783
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

6Medium risk

Vulners AI Score6

CVSS 37.8

CVSS 29.3

EPSS0.09662

Excel editors Excel Viewer Office Compatibility Pack memory handling arbitrary code code execution