CVE-2017-11882

Опубликовано: 15 нояб. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Критический

Описание

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

Ссылки

http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/101757
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039783
Third Party Advisory
VDB Entry
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
Exploit
Third Party Advisory
https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html
Exploit
Patch
Third Party Advisory
https://github.com/0x09AL/CVE-2017-11882-metasploit
Exploit
Third Party Advisory
https://github.com/embedi/CVE-2017-11882
Exploit
Third Party Advisory
https://github.com/rxwx/CVE-2017-11882
Exploit
Third Party Advisory
https://github.com/unamer/CVE-2017-11882
Exploit
Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882
Patch
Vendor Advisory
https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/
Exploit
Third Party Advisory
https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/
Exploit
Mitigation
Third Party Advisory
https://www.exploit-db.com/exploits/43163/
Exploit
Third Party Advisory
VDB Entry
https://www.kb.cert.org/vuls/id/421280
Third Party Advisory
US Government Resource
http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/101757
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039783
Third Party Advisory
VDB Entry
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
Exploit
Third Party Advisory
https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html
Exploit
Patch
Third Party Advisory
https://github.com/0x09AL/CVE-2017-11882-metasploit
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.94384

Критический

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-11882

msrc

больше 7 лет назад

Microsoft Office Memory Corruption Vulnerability

GHSA-vjph-m3mp-rqj5

CVSS3: 7.8

github

около 3 лет назад

BDU:2018-00096

CVSS3: 7.1

fstec