Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
829
VMScore

CVE-2017-11826

Published: 13/10/2017 Updated: 12/12/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Word

Vulnerability Summary

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft word 2016

microsoft word viewer

microsoft office online server

microsoft office web apps

microsoft word 2007

microsoft web applications

microsoft sharepoint enterprise server 2010

microsoft word 2010

microsoft word 2013

microsoft sharepoint server 2010

microsoft office 2010

microsoft office web apps 2010

microsoft office web apps 2013

Github Repositories

https://github.com/abhishek283/AmexCodeChallange

HI,

AmexCodeChallange This project is made as part of ame project Challange Description: Use the CVE api located on circllu to pull back information on the following CVEs: CVE-2017-11305 CVE-2017-15103 CVE-2017-11913 CVE-2017-11826 Have the script format the output into a human-readable report Also, search the computers below to see if they are vulnerable to any of the CVEs lis

https://github.com/ndhung/VNMDocSummarize

summa - textrank TextRank implementation for text summarization and keyword extraction in Python An online version can be tested here Features Text summarization Keyword extraction Text modeling with graph and gexf exportation Examples Text summarization: >>> text = """CMC InfoSec cho hay, ngày hôm qua, 10/10/2017, Microsof

https://github.com/thatskriptkid/CVE-2017-11826

Exploit for CVE-2017-11826

CVE-2017-11826 Exploit for CVE-2017-11826 RU article about it: wwworderofsixanglescom/ru/2018/02/09/ms-cve-2017-11826html

https://github.com/pandazheng/Threat-Intelligence-Analyst

威胁情报,恶意样本分析,开源Malware代码收集

Threat-Intelligence-Analyst 威胁情报,恶意样本分析,自动化python脚本,开源Malware代码收集,APT攻击安例相关 TI威胁情报 startme/p/rxRbpo/ti Analyzing Malicious Password Protected Office Documents r3mrumwordpresscom/2017/06/29/analyzing-malicious-password-protected-office-documents/ Hack githubcom/Hack-with-Github/Awesom

Recent Articles

It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too
The Register • Shaun Nichols in San Francisco • 10 Oct 2017

But at least there's no Flash update (not this week, anyway)

Microsoft today released patches for more than 60 CVE-listed vulnerabilities in its software. Meanwhile, Adobe is skipping October's Patch Tuesday altogether. Among the latest holes that need papering over via Windows Update are three vulnerabilities already publicly disclosed – with one being exploited right now by hackers to infect vulnerable machines. That flaw, CVE-2017-11826, is leveraged when a booby-trapped Microsoft Office document is opened, allowing malicious code within it to run wi...

Read more...

References

CWE-119https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826http://www.securitytracker.com/id/1039541http://www.securityfocus.com/bid/101219https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.htmlhttps://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/https://nvd.nist.govhttps://www.theregister.co.uk/2017/10/10/october_2017_microsoft_windows_patch_tuesday/https://github.com/abhishek283/AmexCodeChallange
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook