VYPR
High severity8.8NVD Advisory· Published Nov 15, 2017· Updated Jun 17, 2026

CVE-2017-11854

CVE-2017-11854

Description

Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".

Affected products

8
  • Microsoft/Office2 versions
    cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
    • (no CPE)range: 2010 SP2
  • cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*
    • (no CPE)range: Service Pack 3
  • Microsoft/Word3 versions
    cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
    • (no CPE)range: 2007 SP3, 2010 SP2
  • Microsoft Corporation/Microsoft Officev5
    Range: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.