Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-11877
HistoryNov 15, 2017 - 3:29 a.m.

CVE-2017-11877

2017-11-1503:29:01
[email protected]
web.nvd.nist.gov
8

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

73.4%

JSON

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka “Microsoft Excel Security Feature Bypass Vulnerability”.

Affected configurations

Nvd
Node
microsoftexcelMatch2007
OR
microsoftexcelMatch2010
OR
microsoftexcelMatch2013
OR
microsoftexcelMatch2013sp1
OR
microsoftexcelMatch2016
OR
microsoftexcelMatch2016mac_os_x
OR
microsoftexcel_viewerMatch2007sp3
OR
microsoftoffice_compatibility_packMatch-sp3
VendorProductVersionCPE
microsoftexcel2007cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*
microsoftexcel2010cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*
microsoftexcel2013cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*
microsoftexcel2013cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*
microsoftexcel2016cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*
microsoftexcel2016cpe:2.3:a:microsoft:excel:2016:*:*:*:*:mac_os_x:*:*
microsoftexcel_viewer2007cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*
microsoftoffice_compatibility_pack-cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*

Related

prion 1
nessus 4
cvelist 1
cve 1
symantec 1
mscve 1
mskb 7
openvas 6
kaspersky 1
thn 1
threatpost 1
trendmicroblog 1
talosblog 1
prion
prion
Security feature bypass
2017-11-15 03:29:00
nessus
nessus
Security Update for Microsoft Office (November 2017) (macOS)
2017-11-14 00:00:00
Security Updates for Microsoft Office Viewer Products (November 2017)
2017-11-14 00:00:00
Security Updates for Microsoft Excel Products (November 2017)
2017-11-14 00:00:00
cvelist
cvelist
CVE-2017-11877
2017-11-15 03:00:00
cve
cve
CVE-2017-11877
2017-11-15 03:29:01
symantec
symantec
Microsoft Excel CVE-2017-11877 Security Bypass Vulnerability
2017-11-14 00:00:00
mscve
mscve
Microsoft Office Excel Security Feature Bypass
2017-11-14 08:00:00
mskb
mskb
Description of the security update for Excel 2007: November 14, 2017
2017-11-14 08:00:00
Description of the security update for Excel 2010: November 14, 2017
2017-11-14 08:00:00
Security update 2017-11-14
2017-11-14 08:00:00
openvas
openvas
Microsoft Excel 2013 Service Pack 1 Multiple Vulnerabilities (KB4011233)
2017-11-15 00:00:00
Microsoft Excel Viewer 2007 Service Pack 3 Multiple Vulnerabilities (KB4011206)
2017-11-15 00:00:00
Microsoft Office Compatibility Pack Service Pack 3 Multiple Vulnerabilities (KB4011205)
2017-11-15 00:00:00
kaspersky
kaspersky
KLA11139 Multiple vulnerabilities in Microsoft Office
2017-11-14 00:00:00
thn
thn
Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities
2017-11-14 20:46:00
threatpost
threatpost
Microsoft November Patch Tuesday Fixes 20 Critical Vulnerabilities
2017-11-14 17:10:48
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of November 13, 2017
2017-11-17 16:46:19
talosblog
talosblog
Microsoft Patch Tuesday - November 2017
2017-11-14 11:54:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

73.4%

JSON
Related for NVD:CVE-2017-11877
prion1nessus4cvelist1cve1symantec1mscve1mskb7openvas6kaspersky1thn1threatpost1trendmicroblog1talosblog1