乐胖代购免代理版

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

Published 2017-11-15 03:29:02

Updated 2021-03-16 17:21:46

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: OverflowMemory Corruption

Products affected by CVE-2017-11882

Microsoft » Office » Version: 2007 Update SP3
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2013 Update SP1
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2016
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
Matching versions

CVE-2017-11882 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.

CISA vulnerability name:

Microsoft Office Memory Corruption Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2017-11882

Added on 2021-11-03 Action due date 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2017-11882

EPSS FAQ

97.44%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2017-11882

Microsoft Office CVE-2017-11882

Disclosure Date: 2017-11-15

First seen: 2020-04-26

exploit/windows/fileformat/office_ms17_11882

Module exploits a flaw in how the Equation Editor that allows an attacker to execute arbitrary code in RTF files without interaction. The vulnerability is caused by the Equation Editor, to which fails to properly handle OLE objects in memory. Authors: - mumb

More information

CVSS scores for CVE-2017-11882

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-11882

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-11882

https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/

Analysis of CVE-2017-11882 Exploit in the Wild
Exploit;Third Party Advisory
https://github.com/embedi/CVE-2017-11882

GitHub - embedi/CVE-2017-11882: Proof-of-Concept exploits for CVE-2017-11882
Exploit;Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882

CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability
Patch;Vendor Advisory
http://www.securityfocus.com/bid/101757

Microsoft Office CVE-2017-11882 Memory Corruption Vulnerability
Third Party Advisory;VDB Entry
https://github.com/rxwx/CVE-2017-11882

GitHub - rxwx/CVE-2017-11882: Proof-of-Concept exploits for CVE-2017-11882
Exploit;Third Party Advisory
https://github.com/0x09AL/CVE-2017-11882-metasploit

GitHub - 0x09AL/CVE-2017-11882-metasploit: This is a Metasploit module which exploits CVE-2017-11882 using the POC released here : https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-d
Exploit;Third Party Advisory
https://www.kb.cert.org/vuls/id/421280

VU#421280 - Microsoft Office Equation Editor stack buffer overflow
Third Party Advisory;US Government Resource
http://www.securitytracker.com/id/1039783

Microsoft Excel Bugs Let Remote Users Bypass Security and Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.exploit-db.com/exploits/43163/

Microsoft Office - OLE Remote Code Execution
Exploit;Third Party Advisory;VDB Entry
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html

0patch Blog: Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882)
Exploit;Third Party Advisory
https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/

Exploit;Mitigation;Third Party Advisory
https://github.com/unamer/CVE-2017-11882

GitHub - unamer/CVE-2017-11882: CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.
Exploit;Third Party Advisory
http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882

Fileless Code Injection in Word without macros (CVE-2017-11882) « reversingminds's Blog
Exploit;Third Party Advisory
https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html

0patch Blog: Microsoft's Manual Binary Patch For CVE-2017-11882 Meets 0patch
Exploit;Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2017-11882