CVE-2017-11939

Опубликовано: 12 дек. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".

Ссылки

http://www.securityfocus.com/bid/102105
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039994
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939
Issue Tracking
Patch
Vendor Advisory
http://www.securityfocus.com/bid/102105
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039994
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:office:2016:c2r:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.02117

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-11939

msrc

больше 7 лет назад

Microsoft Office Information Disclosure Vulnerability

GHSA-r4cm-gxv3-c6qg