{"api_version":"1","generated_at":"2026-04-23T16:53:42+00:00","cve":"CVE-2017-11877","urls":{"html":"https://cve.report/CVE-2017-11877","api":"https://cve.report/api/cve/CVE-2017-11877.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-11877","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-11877"},"summary":{"title":"CVE-2017-11877","description":"Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka \"Microsoft Excel Security Feature Bypass Vulnerability\".","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2017-11-15 03:29:00","updated_at":"2023-10-03 15:38:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Vendor Advisory"],"title":"{{windowTitle}}","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039783","name":"1039783","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Excel Bugs Let Remote Users Bypass Security and Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/101747","name":"101747","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Excel CVE-2017-11877 Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-11877","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-11877","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel","cpe6":"2007","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel","cpe6":"2010","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel","cpe6":"2013","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel","cpe6":"2013","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel","cpe6":"2016","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel","cpe6":"2016","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"mac_os_x","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel","cpe6":"2013","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel","cpe6":"2016","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel","cpe6":"2016","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"mac_os_x","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_2007","cpe6":"-","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_2007","cpe6":"-","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_2010","cpe6":"*","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_2010","cpe6":"*","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_2013_rt","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_2013_rt","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_viewer","cpe6":"2007","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_viewer","cpe6":"2007","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_compatibility_pack","cpe6":"-","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"11877","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_compatibility_pack","cpe6":"-","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","DATE_PUBLIC":"2017-11-14T00:00:00","ID":"CVE-2017-11877","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Microsoft Office","version":{"version_data":[{"version_value":"Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac"}]}}]},"vendor_name":"Microsoft Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka \"Microsoft Excel Security Feature Bypass Vulnerability\"."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Security Feature Bypass"}]}]},"references":{"reference_data":[{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877"},{"name":"1039783","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039783"},{"name":"101747","refsource":"BID","url":"http://www.securityfocus.com/bid/101747"}]}},"nvd":{"publishedDate":"2017-11-15 03:29:00","lastModifiedDate":"2023-10-03 15:38:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:excel:2010:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:excel:2007:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:mac_os_x:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"11877","Ordinal":"109024","Title":"CVE-2017-11877","CVE":"CVE-2017-11877","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"11877","Ordinal":"1","NoteData":"Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka \"Microsoft Excel Security Feature Bypass Vulnerability\".","Type":"Description","Title":null},{"CveYear":"2017","CveId":"11877","Ordinal":"2","NoteData":"2017-11-14","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"11877","Ordinal":"3","NoteData":"2017-11-15","Type":"Other","Title":"Modified"}]}}}