Published: 12/12/2017 Updated: 27/12/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft office 2016

Put down the eggnog, it's Patch Tuesday: Fix Windows boxes ASAP

The Register • Shaun Nichols in San Francisco • 13 Dec 2017

IE haunted by ghosts of past bugs – plus remote-code exec holes that'll chill your blood

Microsoft has kicked out its December batch of software security fixes, the final Patch Tuesday of 2017. Redmond has addressed 32 CVE-listed vulnerabilities in Edge, Windows, and Office, as well as a hole in Internet Explorer last seen in the early-oughts. Get patching as soon as possible. Leading this month's Patch Tuesday charge is CVE-2017-11927, a bug in Windows that can be exploited by an attacker to snatch a victim's NTLM hash, which could be cracked offline to reveal their password. A mar...

CVE-2017-11939

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect