High severity8.8NVD Advisory· Published Nov 15, 2017· Updated May 13, 2026

CVE-2017-11854

Description

Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".

Affected products

Microsoft Corporation/Microsoft Officev5
Range: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3
Microsoft/Word2 versions
cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
Microsoft/Office
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
Microsoft/Office Compatibility Pack
cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854nvdPatchVendor Advisory
www.securityfocus.com/bid/101746nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039795nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.015
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000