Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mscveMicrosoftMS:CVE-2017-11877
HistoryNov 14, 2017 - 8:00 a.m.

Microsoft Office Excel Security Feature Bypass

2017-11-1408:00:00
Microsoft
msrc.microsoft.com
16

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.004

Percentile

73.4%

JSON

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in an Excel worksheet that specifies a macro should be run. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by enforcing macro settings on Excel documents.

Related

prion 1
nessus 4
symantec 1
cvelist 1
nvd 1
cve 1
mskb 7
openvas 6
kaspersky 1
thn 1
threatpost 1
trendmicroblog 1
talosblog 1
prion
prion
Security feature bypass
2017-11-15 03:29:00
nessus
nessus
Security Update for Microsoft Office (November 2017) (macOS)
2017-11-14 00:00:00
Security Updates for Microsoft Office Viewer Products (November 2017)
2017-11-14 00:00:00
Security Updates for Microsoft Excel Products (November 2017)
2017-11-14 00:00:00
symantec
symantec
Microsoft Excel CVE-2017-11877 Security Bypass Vulnerability
2017-11-14 00:00:00
cvelist
cvelist
CVE-2017-11877
2017-11-15 03:00:00
nvd
nvd
CVE-2017-11877
2017-11-15 03:29:01
cve
cve
CVE-2017-11877
2017-11-15 03:29:01
mskb
mskb
Description of the security update for Excel 2007: November 14, 2017
2017-11-14 08:00:00
Description of the security update for Excel 2010: November 14, 2017
2017-11-14 08:00:00
Description of the security update for Excel 2016: March 13, 2018
2018-03-13 07:00:00
openvas
openvas
Microsoft Excel 2013 Service Pack 1 Multiple Vulnerabilities (KB4011233)
2017-11-15 00:00:00
Microsoft Excel Viewer 2007 Service Pack 3 Multiple Vulnerabilities (KB4011206)
2017-11-15 00:00:00
Microsoft Office Compatibility Pack Service Pack 3 Multiple Vulnerabilities (KB4011205)
2017-11-15 00:00:00
kaspersky
kaspersky
KLA11139 Multiple vulnerabilities in Microsoft Office
2017-11-14 00:00:00
thn
thn
Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities
2017-11-14 20:46:00
threatpost
threatpost
Microsoft November Patch Tuesday Fixes 20 Critical Vulnerabilities
2017-11-14 17:10:48
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of November 13, 2017
2017-11-17 16:46:19
talosblog
talosblog
Microsoft Patch Tuesday - November 2017
2017-11-14 11:54:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.004

Percentile

73.4%

JSON
Related for MS:CVE-2017-11877
prion1nessus4symantec1cvelist1nvd1cve1mskb7openvas6kaspersky1thn1threatpost1trendmicroblog1talosblog1