Vulnerabilites related to Microsoft Corporation - Microsoft Office 2016, Microsoft Office 2016 for Mac
CVE-2017-11825 (GCVE-0-2017-11825)
Vulnerability from cvelistv5
Published
2017-10-13 13:00
Modified
2024-09-17 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office 2016, Microsoft Office 2016 for Mac |
Version: Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039539"
},
{
"name": "101124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11825"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office 2016, Microsoft Office 2016 for Mac",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac"
}
]
}
],
"datePublic": "2017-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-14T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039539"
},
{
"name": "101124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11825"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office 2016, Microsoft Office 2016 for Mac",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka \"Microsoft Office Remote Code Execution Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039539",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039539"
},
{
"name": "101124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101124"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11825",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11825"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11825",
"datePublished": "2017-10-13T13:00:00Z",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-09-17T04:09:50.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}