High severity7.8NVD Advisory· Published Nov 15, 2017· Updated May 13, 2026

CVE-2017-11884

Description

Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882.

Affected products

Microsoft/Excel
cpe:2.3:a:microsoft:excel:2016:*:*:*:click-to-run:*:*:*
Microsoft Corporation/Microsoft Officev5
Range: Microsoft Excel 2016 Click-to-Run (C2R)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11884nvdPatchVendor Advisory
www.securityfocus.com/bid/101766nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039783nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.040
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000