CVE-2017-11878
Summary
| CVE | CVE-2017-11878 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-11-15 03:29:00 UTC |
| Updated | 2023-10-03 15:38:00 UTC |
| Description | Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability". |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Excel | 2007 | All | All | All |
| Application | Microsoft | Excel | 2010 | All | All | All |
| Application | Microsoft | Excel | 2013 | All | All | All |
| Application | Microsoft | Excel | 2013 | sp1 | All | All |
| Application | Microsoft | Excel | 2016 | All | All | All |
| Application | Microsoft | Excel | 2013 | sp1 | All | All |
| Application | Microsoft | Excel | 2016 | All | All | All |
| Application | Microsoft | Excel 2007 | - | sp3 | All | All |
| Application | Microsoft | Excel 2007 | - | sp3 | All | All |
| Application | Microsoft | Excel 2010 | All | sp2 | All | All |
| Application | Microsoft | Excel 2010 | All | sp2 | All | All |
| Application | Microsoft | Excel 2013 Rt | - | sp1 | All | All |
| Application | Microsoft | Excel 2013 Rt | - | sp1 | All | All |
| Application | Microsoft | Excel Viewer | 2007 | sp3 | All | All |
| Application | Microsoft | Excel Viewer | 2007 | sp3 | All | All |
| Application | Microsoft | Office Compatibility Pack | - | sp3 | All | All |
| Application | Microsoft | Office Compatibility Pack | - | sp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Microsoft Excel CVE-2017-11878 Memory Corruption Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Microsoft Excel Bugs Let Remote Users Bypass Security and Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | Issue Tracking, Third Party Advisory, VDB Entry |
| {{windowTitle}} | CONFIRM | portal.msrc.microsoft.com | Issue Tracking, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.