Lucene search
Dmitri KaslovZDI-17-929HistoryDec 06, 2017 - 12:00 a.m.
Microsoft Office Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability
2017-12-0600:00:00
Dmitri Kaslov
www.zerodayinitiative.com
54
EPSS
0.006
Percentile
77.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute under the context of the current process.
Related
symantec
symantec
Microsoft Office CVE-2017-11884 Memory Corruption Vulnerability
2017-11-14 00:00:00
mscve
mscve
Microsoft Excel Remote Code Execution Vulnerability
2017-11-14 08:00:00
prion
prion
Memory corruption
2017-11-15 03:29:00
Memory corruption
2017-11-15 03:29:00
cvelist
cvelist
CVE-2017-11882
2017-11-15 03:00:00
CVE-2017-11884
2017-11-15 03:00:00
cve
cve
CVE-2017-11884
2017-11-15 03:29:01
CVE-2017-11882
2017-11-15 03:29:01
threatpost
threatpost
Microsoft Patches 17-Year-Old Office Bug
2017-11-15 13:11:21
nvd
nvd
CVE-2017-11884
2017-11-15 03:29:01
CVE-2017-11882
2017-11-15 03:29:01
attackerkb
attackerkb
CVE-2017-11882
2017-11-15 00:00:00
nessus
nessus
Security Updates for Microsoft Excel Products (November 2017)
2017-11-14 00:00:00
kaspersky
kaspersky
KLA11139 Multiple vulnerabilities in Microsoft Office
2017-11-14 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - November 2017
2017-11-14 11:54:00