New Search

Microsoft Office Memory Corruption Vulnerability – CVE-2017-11826

oval:org.cisecurity:def:3395

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights an attacker could take control of the affected system. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 8
  • Microsoft Windows 8.1
  • Microsoft Windows 10
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows 7
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
Class:
vulnerability
Reference(s):
  • CVE-2017-11826
Product(s):
  • Microsoft SharePoint Server 2010
  • Microsoft SharePoint Server 2013
  • Microsoft Word Viewer
  • Microsoft Word 2016
  • Microsoft Word 2013
  • Microsoft Word 2010
  • Microsoft Office Web Apps Server 2010
  • Microsoft Word 2007
  • Microsoft SharePoint Server 2016
  • Microsoft Office Web Apps Server 2013
  • Microsoft Office Compatibility Pack