CVE-2017-11882
Published: 15 November 2017
Summary
CVE-2017-11882 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Deeper analysis
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 are affected by CVE-2017-11882, a memory corruption vulnerability tracked under CWE-119. The flaw stems from improper handling of objects in memory and carries a CVSS 3.1 score of 7.8, reflecting a local attack vector, low complexity, no required privileges, and required user interaction.
An attacker can exploit the issue by supplying a specially crafted document that triggers the memory corruption when opened in an affected Office application. Successful exploitation grants the ability to execute arbitrary code in the context of the current user, potentially leading to full confidentiality, integrity, and availability impacts on the affected system.
Public references describe both an official Microsoft patch and third-party micropatches such as those from 0patch, along with demonstrations of fileless attack techniques in Word that avoid macros. These sources indicate that applying the vendor update or equivalent micropatch addresses the memory handling defect.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-3478
Vulnerability details
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
- CWE(s): CWE-119
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of the vendor patch (or equivalent micropatch) that corrects the memory-handling defect in affected Office versions.
Implements OS- or process-level memory protections that can block exploitation of the CWE-119 corruption even if a malicious document is opened.
Deploys malicious-code detection on documents that can identify or block the specially crafted files used to trigger the Office memory corruption.