Vulnerability Details: CVE-2017-11825
Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2017-11825
Probability of exploitation activity in the next 30 days: 11.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~95%
CVSS scores for CVE-2017-11825
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | [email protected] |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | [email protected] |
CWE ids for CVE-2017-11825
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: [email protected] (Primary)
References for CVE-2017-11825
- http://www.securitytracker.com/id/1039539 (Third Party Advisory; VDB Entry)
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11825 (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/101124 (Third Party Advisory; VDB Entry)
Products affected by CVE-2017-11825
- cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*
- cpe:2.3:a:microsoft:office_for_mac:2016:*:*:*:*:*:*:*