High severity8.8NVD Advisory· Published Nov 15, 2017· Updated Jun 17, 2026
CVE-2017-11854
CVE-2017-11854
Description
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
Affected products
8cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*
- (no CPE)range: Service Pack 3
- Microsoft Corporation/Microsoft Officev5Range: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3
Patches
Vulnerability mechanics
References
3- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854nvdPatchVendor Advisory
- www.securityfocus.com/bid/101746nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039795nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.