CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11826

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.897

EPSS Ranking 99.5%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 9.3

Proposed Action

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Ransomware Campaign

Unknown

References

Products affected by CVE-2017-11826

Microsoft » Office Compatibility Pack » Version: N/A

cpe:2.3:a:microsoft:office_compatibility_pack:-
Microsoft » Office Online Server » Version: 2016

cpe:2.3:a:microsoft:office_online_server:2016
Microsoft » Office Web Apps Server » Version: 2010

cpe:2.3:a:microsoft:office_web_apps_server:2010
Microsoft » Office Web Apps Server » Version: 2013

cpe:2.3:a:microsoft:office_web_apps_server:2013
Microsoft » Office Word Viewer » Version: N/A

cpe:2.3:a:microsoft:office_word_viewer:-
Microsoft » Sharepoint Enterprise Server » Version: 2016

cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016
Microsoft » Sharepoint Server » Version: 2010

cpe:2.3:a:microsoft:sharepoint_server:2010
Microsoft » Sharepoint Server » Version: 2013

cpe:2.3:a:microsoft:sharepoint_server:2013
Microsoft » Word » Version: 2007

cpe:2.3:a:microsoft:word:2007
Microsoft » Word » Version: 2010

cpe:2.3:a:microsoft:word:2010
Microsoft » Word » Version: 2013

cpe:2.3:a:microsoft:word:2013
Microsoft » Word » Version: 2016

cpe:2.3:a:microsoft:word:2016

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11826

Products

Pricing

Contact Us