High severity7.8CISA KEVNVD Advisory· Published Nov 15, 2017· Updated Apr 22, 2026
CVE-2017-11882
CVE-2017-11882
Description
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
Affected products
4Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882nvdPatchVendor Advisory
- reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882nvdExploitThird Party Advisory
- 0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.htmlnvdExploitThird Party Advisory
- 0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.htmlnvdExploitPatchThird Party Advisory
- researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/nvdExploitThird Party Advisory
- web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/nvdExploitMitigationThird Party Advisory
- www.exploit-db.com/exploits/43163/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/101757nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039783nvdThird Party AdvisoryVDB Entry
- www.kb.cert.org/vuls/id/421280nvdThird Party AdvisoryUS Government Resource
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.