Known Exploited Vulnerability
7.8
HIGH
CVE-2017-11882
Microsoft Office Memory Corruption Vulnerability - [Actively Exploited]
Description

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

INFO

Published Date :

Nov. 15, 2017, 3:29 a.m.

Last Modified :

Nov. 21, 2024, 3:08 a.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Required Action :

Apply updates per vendor instructions.

Notes :

https://nvd.nist.gov/vuln/detail/CVE-2017-11882

Public PoC/Exploit Available at Github

CVE-2017-11882 has a 168 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2017-11882 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft office
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2017-11882.

URL Resource
http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 Exploit Third Party Advisory
http://www.securityfocus.com/bid/101757 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039783 Third Party Advisory VDB Entry
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html Exploit Third Party Advisory
https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html Exploit Patch Third Party Advisory
https://github.com/0x09AL/CVE-2017-11882-metasploit Exploit Third Party Advisory
https://github.com/embedi/CVE-2017-11882 Exploit Third Party Advisory
https://github.com/rxwx/CVE-2017-11882 Exploit Third Party Advisory
https://github.com/unamer/CVE-2017-11882 Exploit Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882 Patch Vendor Advisory
https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ Exploit Third Party Advisory
https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/ Exploit Mitigation Third Party Advisory
https://www.exploit-db.com/exploits/43163/ Exploit Third Party Advisory VDB Entry
https://www.kb.cert.org/vuls/id/421280 Third Party Advisory US Government Resource
http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 Exploit Third Party Advisory
http://www.securityfocus.com/bid/101757 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039783 Third Party Advisory VDB Entry
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html Exploit Third Party Advisory
https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html Exploit Patch Third Party Advisory
https://github.com/0x09AL/CVE-2017-11882-metasploit Exploit Third Party Advisory
https://github.com/embedi/CVE-2017-11882 Exploit Third Party Advisory
https://github.com/rxwx/CVE-2017-11882 Exploit Third Party Advisory
https://github.com/unamer/CVE-2017-11882 Exploit Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882 Patch Vendor Advisory
https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ Exploit Third Party Advisory
https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/ Exploit Mitigation Third Party Advisory
https://www.exploit-db.com/exploits/43163/ Exploit Third Party Advisory VDB Entry
https://www.kb.cert.org/vuls/id/421280 Third Party Advisory US Government Resource

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Updated: 2 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Oct. 1, 2024, 10:05 a.m. This repo has been linked 1 different CVEs too.

Performed basic static and dynamic malware analysis using Remnux, identified malicious RTF exploits and tracked associated IPs and domains for comprehensive threat assessment.

Updated: 2 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Sept. 22, 2024, 8:24 p.m. This repo has been linked 1 different CVEs too.

None

Updated: 1 week, 6 days ago
0 stars 0 fork 0 watcher
Born at : Sept. 3, 2024, 4:31 a.m. This repo has been linked 2 different CVEs too.

Examining the phases of an attack using “Dragonfish's Elise Malware”, specifically, exploring the exploitation of vulnerability CVE-2017-11882.

Updated: 5 months ago
0 stars 0 fork 0 watcher
Born at : July 11, 2024, 4:15 p.m. This repo has been linked 1 different CVEs too.

cobalt_strike_tutorials

Updated: 5 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 9, 2024, 10:10 a.m. This repo has been linked 5 different CVEs too.

This is a simulation of attack by (Ember Bear) APT group targeting energy Organizations in Ukraine the attack campaign was active from least March 2021, The attack chain starts wit spear phishing email sent to an employee of the organization, which used a social engineering theme that suggested the individual had committed a crime

Batchfile Python C++ PowerShell

Updated: 1 month ago
8 stars 3 fork 3 watcher
Born at : June 16, 2024, 11:42 p.m. This repo has been linked 1 different CVEs too.

Malware Analysis Lab with REMNUX. Performed Static Analysis.

Updated: 5 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : May 24, 2024, 4:33 a.m. This repo has been linked 2 different CVEs too.

None

Updated: 7 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : April 20, 2024, 11:13 p.m. This repo has been linked 2 different CVEs too.

None

Updated: 7 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : April 19, 2024, 9:51 p.m. This repo has been linked 2 different CVEs too.

Instructions, Guide and report of Project

Updated: 8 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : March 24, 2024, 12:31 p.m. This repo has been linked 1 different CVEs too.

None

Updated: 10 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Jan. 21, 2024, 4:57 p.m. This repo has been linked 6 different CVEs too.

The following was is the Phishing Prevention room in the Try Hack Me Soc 1 path.

Updated: 1 year ago
0 stars 0 fork 0 watcher
Born at : Nov. 23, 2023, 7:52 a.m. This repo has been linked 1 different CVEs too.

Config files for my GitHub profile.

config github-config

Updated: 1 year, 1 month ago
0 stars 0 fork 0 watcher
Born at : Nov. 17, 2023, 2:06 a.m. This repo has been linked 2 different CVEs too.

RedTeam link

Updated: 7 months, 4 weeks ago
1 stars 0 fork 0 watcher
Born at : Nov. 7, 2023, 2:12 p.m. This repo has been linked 34 different CVEs too.

None

Updated: 1 year, 1 month ago
0 stars 0 fork 0 watcher
Born at : Oct. 30, 2023, 9:52 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2017-11882 vulnerability anywhere in the article.

  • Cybersecurity News
New Report Reveals SmokeLoader’s Advanced Tactics in Taiwan Campaign

Attack flow | Image: FortiGuard LabsA recent report by FortiGuard Labs has highlighted a targeted cyberattack involving the infamous SmokeLoader malware. This campaign, observed in September 2024, aim ... Read more

Published Date: Dec 03, 2024 (2 weeks, 1 day ago)
  • Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
SmokeLoader Malware Exploits MS Office Flaws to Steal Browser Credentials

SUMMARY Targeted Campaign: SmokeLoader malware attacks Taiwanese industries, including manufacturing, healthcare, and IT. Phishing Emails: The campaign uses phishing emails exploiting MS Office vulner ... Read more

Published Date: Dec 02, 2024 (2 weeks, 1 day ago)
  • The Hacker News
SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware. "SmokeLoader is well-known for its ve ... Read more

Published Date: Dec 02, 2024 (2 weeks, 1 day ago)
  • The Cyber Express
Critical ICS Vulnerabilities Discovered in Schneider Electric, mySCADA, and Automated Logic Products

A recent Cyble ICS vulnerabilities report sheds light on several critical vulnerabilities in industrial control systems (ICS) from major vendors including Schneider Electric, mySCADA, and Automated Lo ... Read more

Published Date: Nov 29, 2024 (2 weeks, 5 days ago)
  • The Cyber Express
Zyxel Firewalls Targeted by Helldown Ransomware: CVE-2024-11667 Exploited

Zyxel Firewalls have become a key target in recent cyberattacks, with attackers exploiting a critical vulnerability to deploy the dangerous Helldown ransomware. The German CERT (CERT-Bund) has issued ... Read more

Published Date: Nov 29, 2024 (2 weeks, 5 days ago)
  • The Cyber Express
Australia’s New Cyber Security Act: Mandatory Ransom Payment Reporting

The Australian government has passed the new Cyber Security Act, which was recently approved by Parliament. One of the most critical provisions of this new law mandates that organizations must report ... Read more

Published Date: Nov 28, 2024 (2 weeks, 6 days ago)
  • The Cyber Express
Critical Flaw in Oracle Agile PLM Framework Exposes Sensitive Data: Patch Now

Oracle’s Agile Product Lifecycle Management (PLM) software has been flagged for a security vulnerability (CVE-2024-21287) by CERT-In (Computer Emergency Response Team – India). The vulnerability, cata ... Read more

Published Date: Nov 28, 2024 (2 weeks, 6 days ago)
  • The Cyber Express
Hackers Exploit Firefox and Windows Flaws: RomCom’s Advanced Attack Unveiled

A Russia-aligned hacking group, known as RomCom (also identified as Storm-0978, Tropical Scorpius, or UNC2596), has successfully exploited two zero-day vulnerabilities—one in Mozilla Firefox and anoth ... Read more

Published Date: Nov 27, 2024 (3 weeks ago)
  • The Cyber Express
AI Red Teaming in Focus: Why CISA Advocates a Secure by Design Approach

Artificial Intelligence (AI) has become a critical enabler across sectors, reshaping industries from healthcare to transportation. However, with its transformative potential comes a spectrum of safety ... Read more

Published Date: Nov 27, 2024 (3 weeks ago)
  • The Cyber Express
CISA Adds Array Networks’ CVE-2023-28461 to KEV List: Critical Patching Urged

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security flaw, CVE-2023-28461, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability i ... Read more

Published Date: Nov 26, 2024 (3 weeks, 1 day ago)
  • The Cyber Express
Apple Security Update: Addressing Critical Vulnerabilities in Apple Software

Apple recently rolled out a security update that addresses critical vulnerabilities in multiple Apple devices. Released on November 19, the Apple security update impacts various platforms, including i ... Read more

Published Date: Nov 20, 2024 (3 weeks, 6 days ago)
  • The Cyber Express
Palo Alto Reports Two More Bugs in PAN-OS That Are Being Actively Exploited

An alarming set of chained vulnerabilities in Palo Alto Networks’ PAN-OS software has sparked concerns that attackers could seize administrator privileges through an authentication bypass. The first v ... Read more

Published Date: Nov 18, 2024 (4 weeks, 1 day ago)
  • The Cyber Express
High-Severity Vulnerability in Cisco ECE Could Lead to Denial of Service, CERT-In Issues Alert

The Computer Emergency Response Team of India (CERT-In) has issued a high-severity alert regarding a newly identified vulnerability in Cisco’s Enterprise Chat and Email (ECE) platform. Tagged as CERT- ... Read more

Published Date: Nov 15, 2024 (1 month ago)
  • The Cyber Express
Key ICS Vulnerabilities Identified in Latest CISA Advisories

The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a series of security advisories, shedding light on several critical vulnerabilities affecting Industrial Control Systems ... Read more

Published Date: Nov 14, 2024 (1 month ago)
  • The Cyber Express
CISA Alerts: Five Newly Exploited Vulnerabilities Added to Critical Watchlist

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of their active ... Read more

Published Date: Nov 13, 2024 (1 month ago)
  • The Cyber Express
Top 15 Exploited Cyber Vulnerabilities Revealed: Five Eyes Alliance Urges Immediate Patching

The FBI, NSA, and allied agencies within the Five Eyes intelligence network have published a list of the 15 most exploited vulnerabilities from 2023. The cybersecurity advisory, a collaborative effort ... Read more

Published Date: Nov 13, 2024 (1 month ago)
  • The Cyber Express
Microsoft’s November 2024 Patch Tuesday Addresses 91 Vulnerabilities, Including Four Critical Zero-Days

Microsoft rolled out its monthly security updates as part of the Microsoft November 2024 Patch Tuesday cycle. The company addressed a total of 91 vulnerabilities, with four of them being classified as ... Read more

Published Date: Nov 13, 2024 (1 month ago)
  • The Cyber Express
HPE Issues Urgent Patches for Critical Vulnerabilities in Aruba Networking Access Points

Hewlett Packard Enterprise (HPE) has issued critical security patches to address several vulnerabilities affecting its Aruba Networking Access Point products. These vulnerabilities (CVE-2024-42509 and ... Read more

Published Date: Nov 12, 2024 (1 month ago)
  • The Cyber Express
Google Chrome Users at Risk: CERT-In Advises Urgent Update to Fix Security Flaws

The Indian Computer Emergency Response Team (CERT-In) has issued a warning about newly discovered vulnerabilities in Google Chrome that could pose significant risks to users. These vulnerabilities, id ... Read more

Published Date: Nov 12, 2024 (1 month ago)
  • The Cyber Express
Critical WPLMS WordPress Theme Vulnerability Puts Websites at Risk of RCE Attacks

A newly discovered vulnerability in the WPLMS WordPress theme threatens websites with potential Remote Code Execution (RCE) due to a critical path traversal flaw. CVE-2024-10470, a vulnerability in th ... Read more

Published Date: Nov 11, 2024 (1 month ago)
  • The Cyber Express
D-Link to Not Fix Critical Bug Found in End-of-Life NAS Devices

A severe security flaw in outdated D-Link network-attached storage (NAS) devices leaves over 61,000 units exposed online with no patches. Researchers have identified a command injection vulnerability ... Read more

Published Date: Nov 11, 2024 (1 month ago)
  • The Cyber Express
CISA Warns of Critical Vulnerabilities in Industrial Control Systems Affecting Key Infrastructure Sectors

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued multiple advisories alerting the public to critical vulnerabilities affecting industrial control systems (ICS) equipment deploye ... Read more

Published Date: Nov 11, 2024 (1 month, 1 week ago)
  • The Cyber Express
CISA Alerts Fed Agencies of Active Exploitation of Palo Alto Networks’ CVE-2024-5910

A missing authentication flaw in Palo Alto Networks’ Expedition tool now jeopardizes firewall configurations across sectors, with attackers actively exploiting this vulnerability in the wild. The U.S. ... Read more

Published Date: Nov 08, 2024 (1 month, 1 week ago)
  • The Cyber Express
Critical Command Injection Vulnerability Hits Cisco’s Wireless Backhaul Devices

Cisco’s Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points contain a severe vulnerability that potentially allows attackers to execute commands with root pr ... Read more

Published Date: Nov 07, 2024 (1 month, 1 week ago)
  • The Cyber Express
Google Addresses Two Android Zero-Days Used in Targeted Attacks

In its November security update, Google has patched two critical Android zero-days actively exploited in targeted attacks, along with 49 additional vulnerabilities. Google flagged these zero-day flaws ... Read more

Published Date: Nov 06, 2024 (1 month, 1 week ago)
  • The Cyber Express
Critical ICS Vulnerabilities Exposed: CISA Advisories Urge Immediate Action

Cyble Research & Intelligence Labs (CRIL) has released a new report focusing on critical Industrial Control System (ICS) vulnerabilities, with insights derived from recent advisories issued by the Cyb ... Read more

Published Date: Nov 05, 2024 (1 month, 1 week ago)
  • The Cyber Express
CISA Flags Critical Security Flaws in PTZOptics Cameras, Urges Swift Action by Federal Agencies

The Cybersecurity and Infrastructure Security Agency (CISA) has added two newly discovered vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog following confirmed reports of active ex ... Read more

Published Date: Nov 05, 2024 (1 month, 1 week ago)
  • The Cyber Express
FortiManager May Still Be Vulnerable Despite ‘FortiJump’ Patch

The ‘FortiJump’ vulnerability in Fortinet’s FortiManager management platform may not have been completely fixed by the company’s patch issued last month. A screen recording posted to X (formerly known ... Read more

Published Date: Nov 04, 2024 (1 month, 1 week ago)
  • The Cyber Express
Cyble Warns of Escalating Cyber Risks in IoT and WordPress Plugins Amid Phishing Surge

In the latest edition of Cyble’s weekly sensor intelligence report, cybersecurity experts revealed a concerning surge in attacks targeting the LightSpeed Cache and GutenKit WordPress plugins. As the r ... Read more

Published Date: Nov 04, 2024 (1 month, 2 weeks ago)
  • The Cyber Express
New Vulnerabilities in Fortinet, SonicWall, and Grafana Pose Significant Risks

Cyble Research and Intelligence Labs (CRIL) has identified new IT vulnerabilities affecting Fortinet, SonicWall, Grafana Labs, and CyberPanel, among others. The report for the week of October 23-29 hi ... Read more

Published Date: Nov 04, 2024 (1 month, 2 weeks ago)
  • The Cyber Express
Nearly 1 Million Vulnerable Fortinet, SonicWall Devices Exposed to the Web

Nearly 1 million Fortinet and SonicWall devices with actively exploited vulnerabilities are exposed on the internet, according to Cyble’s weekly vulnerability report published today. The report also l ... Read more

Published Date: Nov 01, 2024 (1 month, 2 weeks ago)
  • The Cyber Express
Apple Silences the Critics: visionOS 2.1 Plugs Major Security Holes

Apple has launched the highly anticipated visionOS 2.1 update for its innovative mixed reality headset, the Apple Vision Pro. This update is particularly important as it addresses a range of Apple Vis ... Read more

Published Date: Oct 29, 2024 (1 month, 2 weeks ago)
  • The Cyber Express
IoT Vulnerabilities Exposed: Philips Smart Bulbs Pose Risks to Home Wi-Fi Security

In an era where the Internet of Things (IoT) promises convenience and efficiency, the rapid adoption of smart home technology comes with hidden security risks. From smart fridges to light bulbs, IoT d ... Read more

Published Date: Oct 28, 2024 (1 month, 2 weeks ago)
  • The Cyber Express
‘I’m not a Robot’ reCAPTCHA Trojanized by Russian Hackers to Target Local Ukrainian Government

Ukraine is confronting a new cyberattack vector from Russian military intelligence (GRU) connected hackers that is targeting local governments. The Computer Emergency Response Team of Ukraine (CERT-UA ... Read more

Published Date: Oct 25, 2024 (1 month, 3 weeks ago)
  • The Cyber Express
Cisco Patches Critical Vulnerability Affecting VPN Services

Cisco Systems released a critical advisory regarding a vulnerability in the Remote Access VPN (RAVPN) service associated with its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) s ... Read more

Published Date: Oct 25, 2024 (1 month, 3 weeks ago)
  • The Cyber Express
Cyble Sensors Uncover Cyberattacks on Java Framework and IoT Devices

Cyble vulnerability intelligence unit has shared a report, detailing the recent cyberattacks on the Spring Java framework and hundreds of thousands of Internet of Things (IoT) devices. The report shed ... Read more

Published Date: Oct 23, 2024 (1 month, 3 weeks ago)
  • The Cyber Express
High-Risk ICS Vulnerability Exposes ICONICS and Mitsubishi Electric Products to Data Breaches

The Cybersecurity and Infrastructure Security Agency (CISA), on October 22, 2024, issued a new advisory targeting Industrial Control Systems (ICS). One of the most significant vulnerabilities highligh ... Read more

Published Date: Oct 23, 2024 (1 month, 3 weeks ago)
  • The Cyber Express
Multiple High-Severity Vulnerabilities Found in Bitdefender Products: Patch Now

Bitdefender has recently alerted users to critical vulnerabilities within Bitdefender Total Security and SafePay, necessitating immediate action to protect against online threats. These Bitdefender vu ... Read more

Published Date: Oct 23, 2024 (1 month, 3 weeks ago)
  • The Cyber Express
Splunk’s Recent Security Advisory: Addressing Vulnerabilities in Splunk Enterprise

Splunk has recently issued a security advisory aimed at addressing multiple vulnerabilities within its Splunk Enterprise software. The advisory categorizes these Splunk vulnerabilities into three main ... Read more

Published Date: Oct 22, 2024 (1 month, 3 weeks ago)
  • The Cyber Express
CVE-2024-9537: CISA Warns of Unpatched ScienceLogic SL1 Exploit in Active Use

U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog-CVE-2024-9537. This vulnerability affects ScienceLogic SL1 ( ... Read more

Published Date: Oct 22, 2024 (1 month, 3 weeks ago)
  • The Cyber Express
Dumbest Thing in Security This Week: The Most Exploited Vulnerability Is…

Cyble’s weekly sensor report is an always fascinating look at the vulnerabilities that threat actors are actively exploiting. While new vulnerabilities are quickly exploited, older ones are still expl ... Read more

Published Date: Oct 18, 2024 (1 month, 4 weeks ago)
  • The Cyber Express
Critical Vulnerability in Kubernetes Image Builder Exposes Nodes to Root Access

A new security risk has emerged in the Kubernetes Image Builder, posing a critical threat to organizations that utilize this tool for managing their containerized environments. The Kubernetes Image Bu ... Read more

Published Date: Oct 18, 2024 (2 months ago)
  • The Cyber Express
GitHub Issues Urgent Security Advisory on Critical Vulnerability in GitHub Enterprise Server

GitHub has released a critical security advisory highlighting vulnerabilities that merit immediate action from users of GitHub Enterprise Server (GHES). The advisory focuses on a GitHub vulnerability ... Read more

Published Date: Oct 17, 2024 (2 months ago)
  • The Hacker News
SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Afri ... Read more

Published Date: Oct 17, 2024 (2 months ago)
  • The Cyber Express
Critical Veeam Vulnerability CVE-2024-40711 Exploited by Ransomware Groups

Veeam has addressed a severe vulnerability in its widely utilized Backup & Replication tool, CVE-2024-40711. This critical flaw has a staggering Common Vulnerability Scoring System (CVSS) score of 9.8 ... Read more

Published Date: Oct 17, 2024 (2 months ago)
  • The Cyber Express
SolarWinds, Firefox, Windows Face Active Exploitation: CISA Issues Urgent Warning

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, emphasizing the pressing need for organizatio ... Read more

Published Date: Oct 17, 2024 (2 months ago)
  • Dark Reading
Sidewinder Casts Wide Geographic Net in Latest Attack Spree

Source: Papilio via Alamy Stock PhotoThe elusive, India-based advanced persistent threat (APT) group SideWinder has unleashed a new flurry of attacks against high-profile entities and strategic infras ... Read more

Published Date: Oct 16, 2024 (2 months ago)
  • Cybersecurity News
SideWinder APT: A Decade of Evolution and Global Expansion

The SideWinder Advanced Persistent Threat (APT) group, also known as T-APT-04 or RattleSnake, has been a relentless actor in the global cyber espionage landscape since its emergence in 2012. Though in ... Read more

Published Date: Oct 16, 2024 (2 months ago)
  • Kaspersky
Beyond the Surface: the evolution and expansion of the SideWinder APT group

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched ... Read more

Published Date: Oct 15, 2024 (2 months ago)
  • The Cyber Express
Cyble Sensors Uncover Cyberattacks Targeting Key Vulnerabilities

Cyble’s Vulnerability Intelligence unit has spotlighted a series of cyberattacks targeting critical vulnerabilities in various software systems, including the Ruby SAML library, D-Link NAS devices, an ... Read more

Published Date: Oct 14, 2024 (2 months ago)
  • The Cyber Express
Adobe Security Alert: Update Software Now to Protect Against Exploits

Adobe announced a series of important security updates aimed at addressing several vulnerabilities across its product suite. These vulnerabilities could potentially allow cybercriminals to execute arb ... Read more

Published Date: Oct 09, 2024 (2 months, 1 week ago)
  • The Cyber Express
Microsoft Patches 117 CVEs: Focus on Critical and Zero-Day Threats

Microsoft has released the October 2024 Patch Tuesday, addressing a total of 117 Common Vulnerabilities and Exposures (CVEs). This month’s Microsoft Patch Tuesday update includes three vulnerabilities ... Read more

Published Date: Oct 09, 2024 (2 months, 1 week ago)
  • The Cyber Express
Progress Telerik, Cisco, QNAP and Linux Under Attack: Cyble Honeypot Sensors

Cyble’s Vulnerability Intelligence unit has detected cyberattacks on several key IT products and systems, as threat actors have been quick to exploit vulnerabilities and enterprises slow to patch them ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • The Cyber Express
Qualcomm Addresses DSP Vulnerability CVE-2024-43047, Urges Users to Patch Devices

Qualcomm has released the latest security advisory for multiple vulnerabilities. Among them, a Qualcomm vulnerability, designated as CVE-2024-43047, has brought to light concerns surrounding the safet ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • The Cyber Express
Apple Patches iOS Security Flaw That Could Reveal Saved Passwords

Apple has released new updates for iOS and iPadOS to fix two important security problems affecting many iPhone and iPad models. These Apple updates, now available as iOS 18.0.1 and iPadOS 18.0.1, fix ... Read more

Published Date: Oct 07, 2024 (2 months, 1 week ago)
  • The Cyber Express
The Week’s Top Vulnerabilities: Cyble Urges Fixes for NVIDIA, Adobe, CUPS

Cyble researchers had a busy week, investigating 19 vulnerabilities in the week ended Oct.1 and flagging eight of them as high priority. Cyble’s weekly IT vulnerability report also noted that research ... Read more

Published Date: Oct 04, 2024 (2 months, 1 week ago)
  • The Cyber Express
Hackers Exploit Ivanti Endpoint Manager Flaw—Are You at Risk?

The Cybersecurity and Infrastructure Security Agency (CISA) has alerted organizations about an active exploitation of a vulnerability in Ivanti Endpoint Manager (EPM). This critical flaw, tracked as C ... Read more

Published Date: Oct 04, 2024 (2 months, 2 weeks ago)
  • The Cyber Express
Google Addresses Critical Baseband Flaws, Strengthens Pixel Defenses

Google recently addressed a flaw within cellular modem vulnerabilities that can pose risk to smartphone users. The cellular baseband is responsible for handling all cellular communications, including ... Read more

Published Date: Oct 04, 2024 (2 months, 2 weeks ago)
  • The Cyber Express
‘Embarrassingly Bad’ Zimbra RCE Vulnerability Under Active Attack. Patch Now.

A critical remote code execution (RCE) vulnerability in Zimbra email servers is under active attack, and users are urged to patch immediately. Zimbra is already a popular target for hackers – CISA’s K ... Read more

Published Date: Oct 03, 2024 (2 months, 2 weeks ago)
  • The Cyber Express
86% of Users Neglect Critical Router Security, Says Latest Survey

It is not just enough to surf the internet, but equally important to safeguard its boundaries. However, a latest survey has exposed the knowledge and preparedness of internet users. It was found that ... Read more

Published Date: Oct 03, 2024 (2 months, 2 weeks ago)
  • The Cyber Express
Critical Vulnerability in NVIDIA Container Toolkit Poses Risks to Cloud Environments

A new vulnerability in NVIDIA’s software impacts over 35% of cloud environments. The NVIDIA vulnerability, designated as CVE-2024-0132, is linked to the NVIDIA Container Toolkit, a widely utilized fra ... Read more

Published Date: Oct 01, 2024 (2 months, 2 weeks ago)
  • The Cyber Express
Apex Softcell Vulnerability: CERT-In Issues Critical Warning for Users

The Indian Computer Emergency Response Team (CERT-In) has reported multiple high-severity vulnerabilities in Apex Softcell’s mobile stock trading and back-office platforms. The Apex Softcell vulnerabi ... Read more

Published Date: Sep 26, 2024 (2 months, 3 weeks ago)
  • The Cyber Express
New Vulnerability in Microchip Advanced Software Framework Poses Risks

The CERT Coordination Center (CERT/CC) at Carnegie Mellon University issued a warning about a security flaw in the Microchip Advanced Software Framework (ASF). This Microchip vulnerability, tracked as ... Read more

Published Date: Sep 25, 2024 (2 months, 3 weeks ago)
  • The Cyber Express
Versa Director Flaw Could Lead to API Attacks, Token Theft

Vulnerabilities in Versa Director are never a small matter, as the platform manages network configurations for Versa’s SD-WAN software – which is often used by internet service providers (ISPs) and ma ... Read more

Published Date: Sep 24, 2024 (2 months, 3 weeks ago)
  • The Cyber Express
Quantum Computing: Revolutionizing Cybersecurity Risks and Solutions

Quantum computing revolutionizes various fields, leveraging the unique properties of quantum mechanics. Its impact on cybersecurity, however, presents both significant risks and opportunities. Traditi ... Read more

Published Date: Sep 23, 2024 (2 months, 3 weeks ago)
  • The Cyber Express
Behind the Scenes: The Technical Details of Arc’s Recent Vulnerability

The Browser Company has announced a security vulnerability in the Arc browser, CVE-2024-45489. The Arc browser vulnerability was discovered on August 25, 2024, and was addressed within a day, ensuring ... Read more

Published Date: Sep 23, 2024 (2 months, 3 weeks ago)
  • The Cyber Express
Iran’s Passive Backdoors Lurk in Middle Eastern Networks

UNC1860, an Iranian state-sponsored threat actor, has emerged as a formidable cyber force in the Middle East. Likely tied to Iran’s Ministry of Intelligence and Security (MOIS), UNC1860 group is known ... Read more

Published Date: Sep 19, 2024 (2 months, 4 weeks ago)
  • The Cyber Express
5 New Vulnerabilities Added to CISA’s Known Exploited List: Urgent Action Required

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting the continued threat that these securit ... Read more

Published Date: Sep 19, 2024 (2 months, 4 weeks ago)
  • The Cyber Express
U.S. Intelligence Agencies Say Chinese Botnet Compromised 260,000 Devices

U.S. intelligence agencies issued a warning today about a Chinese botnet that has compromised 260,000 devices around the globe, including small office/home office (SOHO) routers, firewalls, network-at ... Read more

Published Date: Sep 18, 2024 (2 months, 4 weeks ago)
  • The Cyber Express
Apple Urges Users to Install iOS 18 to Fix 33 iPhone Vulnerabilities

Apple has officially released iOS 18, which is the latest software update for iPhones and iPads. While the software introduces exciting new features, the most critical part of this update lies in its ... Read more

Published Date: Sep 17, 2024 (3 months ago)
  • The Cyber Express
Cert-In Issues High Severity Warning for Android Users, Recommends Patching

The Indian Computer Emergency Response Team (CERT-In), functioning under the Ministry of Electronics and Information Technology, has issued a high-severity warning aimed at users operating Android OS ... Read more

Published Date: Sep 12, 2024 (3 months ago)
  • The Cyber Express
GitLab Issues Critical Patch Releases: Versions 17.3.2, 17.2.5, and 17.1.7 Address Key Vulnerabilities

GitLab has released critical patch updates across its Community Edition (CE) and Enterprise Edition (EE) to address security vulnerabilities and bugs. The GitLab critical patch release includes vital ... Read more

Published Date: Sep 12, 2024 (3 months ago)
  • The Cyber Express
Microsoft September 2024 Patch Tuesday: Addressing 79 New Vulnerabilities and Product Updates

The second Tuesday of September has once again proven to be a significant date for cybersecurity with Microsoft’s latest Patch Tuesday update. This month’s release is dominated by a daunting array of ... Read more

Published Date: Sep 11, 2024 (3 months, 1 week ago)
  • The Cyber Express
Don’t Delay: Patch LoadMaster Now to Avoid Exploitation

A security vulnerability, identified as CVE-2024-7591, has been disclosed affecting all versions of LoadMaster and the LoadMaster Multi-Tenant (MT) hypervisor. The LoadMaster vulnerability is critical ... Read more

Published Date: Sep 10, 2024 (3 months, 1 week ago)
  • The Cyber Express
Critical Vulnerabilities Disclosed in IBM webMethods Integration Server

IBM has revealed several severe vulnerabilities within its webMethods Integration Server, a platform widely utilized for integration and API management. These IBM webMethods Integration vulnerabilitie ... Read more

Published Date: Sep 09, 2024 (3 months, 1 week ago)
  • The Cyber Express
Critical RCE Vulnerability Patched in Apache OFBiz (CVE-2024-45195)

Popular open-source enterprise Resource Planning (ERP) system, Apache OFBiz, recently discovered harboring a critical Remote Code Execution (RCE) vulnerability. Tracked as CVE-2024-45195, the Apache O ... Read more

Published Date: Sep 06, 2024 (3 months, 1 week ago)
  • The Cyber Express
Veeam Security Bulletin Fixes Critical Vulnerabilities for Backup & Replication, Veeam ONE and More

Veeam has published a new Security Bulletin addressing multiple critical vulnerabilities across its suite of products. The Veeam security bulletin, identified as KB ID: 4649, includes updates on Veeam ... Read more

Published Date: Sep 06, 2024 (3 months, 1 week ago)
  • The Cyber Express
High-Risk Vulnerabilities Discovered in Zyxel Firewalls: What You Need to Know

Zyxel Networks has recently issued a critical alert regarding several high-risk vulnerabilities affecting their firewall products. This warning comes as part of a broader security advisory that highli ... Read more

Published Date: Sep 04, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
CERT-IN Warns About Critical Vulnerabilities in Palo Alto Networks Applications

The Indian Computer Emergency Response Team (CERT-IN) has issued advisories regarding critical vulnerabilities affecting several Palo Alto Networks applications. These vulnerabilities could allow atta ... Read more

Published Date: Sep 03, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Canonical Addresses Critical Linux Kernel AWS Vulnerabilities with New Patches

Canonical has rolled out essential security updates for Ubuntu, addressing multiple Linux kernel vulnerabilities that also impact Amazon Web Services (AWS). These issues, which involve race conditions ... Read more

Published Date: Sep 03, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Cyberattack Hits Shoshone-Bannock Tribes: Key Services Unaffected, Recovery in Progress

The Shoshone-Bannock Tribes have confirmed a cybersecurity incident that disrupted their operations on the Fort Hall Reservation in Idaho. The Shoshone-Bannock Tribes cyberattack, reported on August 2 ... Read more

Published Date: Sep 03, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
North Korean Hackers Exploited Chromium Zero-Day to Deploy Rootkit

In a recent attack, a North Korean threat actor leveraged a zero-day vulnerability in Google’s Chromium browser to deploy the FudModule rootkit, targeting cryptocurrency firms for financial gain. Micr ... Read more

Published Date: Aug 30, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Cyberespionage Threat: APT-C-60 Targets East Asia with SpyGlace

A sophisticated cyberespionage campaign targeting East Asian countries has been uncovered, with the APT-C-60 group exploiting a zero-day vulnerability in WPS Office to deploy the notorious SpyGlace ba ... Read more

Published Date: Aug 30, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Critical Vulnerabilities in Progress Software’s WhatsUp Gold Expose Systems to Severe Risks

Recent security findings reveal that Progress Software’s WhatsUp Gold, a prominent enterprise network monitoring and management solution, harbors significant vulnerabilities that could lead to full sy ... Read more

Published Date: Aug 30, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Massive Mirai Botnet Exploited Zero-Day Vulnerability in AVTECH Cameras

Researchers have discovered a botnet campaign that is exploiting several vulnerabilities, including a zero-day vulnerability (CVE-2024-7029) in AVTECH closed-circuit television (CCTV) cameras that cou ... Read more

Published Date: Aug 30, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Russian State Hackers Using Exploits ‘Strikingly Similar’ to Spyware Vendors NSO and Intellexa

Google has identified a connection between Russian state hackers and exploits that bear an “identical or strikingly similar” resemblance to those created by spyware companies NSO Group and Intellexa, ... Read more

Published Date: Aug 29, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Iranian State Hackers Act as Access Brokers for Ransomware Gangs, Target U.S. and Allies’ Critical Infrastructure

A shadowy group of Iranian cyber actors is acting as access brokers for ransomware gangs and collaborating with affiliates to target the U.S. and its allies, exploiting vulnerabilities across sectors ... Read more

Published Date: Aug 28, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Critical Apache OFBiz Vulnerability CVE-2024-38856 Identified and Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a security vulnerability affecting Apache OFBiz, the open-source enterprise resource planning (ERP) system. This Apache OFB ... Read more

Published Date: Aug 28, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Critical WPML Plugin Flaw Exposes Millions of WordPress Sites to Remote Code Execution

A critical vulnerability has been discovered in the WPML (WordPress Multilingual) plugin, exposing millions of WordPress websites to potential Remote Code Execution (RCE) attacks. This WPML Plugin Fla ... Read more

Published Date: Aug 28, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Versa Director Zero-Day Attack: A Non-Critical Vulnerability with Low Exposure Can Still Be Trouble

A zero-day vulnerability in Versa Director servers is proof that a vulnerability doesn’t require a critical severity rating and thousands of exposures to do significant damage. CVE-2024-39717, announc ... Read more

Published Date: Aug 27, 2024 (3 months, 2 weeks ago)
  • The Hacker News
macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

Cyber Espionage / Malware Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate ... Read more

Published Date: Aug 27, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Critical Chrome Zero-Day Vulnerability (CVE-2024-7965) Requires Immediate User Action

Google recently addressed a critical zero-day vulnerability in its Chrome browser, identified as CVE-2024-7965. This high-severity flaw, affecting versions of Chrome prior to 128.0.6613.84, has been a ... Read more

Published Date: Aug 27, 2024 (3 months, 3 weeks ago)
  • Kaspersky
Exploits and vulnerabilities in Q2 2024

Q2 2024 was eventful in terms of new interesting vulnerabilities and exploitation techniques for applications and operating systems. Attacks through vulnerable drivers have become prevalent as a gener ... Read more

Published Date: Aug 21, 2024 (3 months, 3 weeks ago)
  • The Cyber Express
Critical Remote Code Execution Vulnerability Addressed in GiveWP Plugin

The GiveWP plugin, a widely used donation and fundraising tool for WordPress, has recently undergone a crucial update to address a severe security flaw. This GiveWP vulnerability, discovered by the re ... Read more

Published Date: Aug 20, 2024 (3 months, 4 weeks ago)
  • The Cyber Express
SideWinder APT Group Targets Maritime Facilities in Possible Espionage Campaign

Researchers have uncovered a new campaign by SideWinder, a nation-state threat actor believed to originate from India that has been active since 2012. Analysis of phishing emails suggests the campaign ... Read more

Published Date: Jul 26, 2024 (4 months, 3 weeks ago)

The following table lists the changes that have been made to the CVE-2017-11882 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882
    Added Reference http://www.securityfocus.com/bid/101757
    Added Reference http://www.securitytracker.com/id/1039783
    Added Reference https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
    Added Reference https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html
    Added Reference https://github.com/0x09AL/CVE-2017-11882-metasploit
    Added Reference https://github.com/embedi/CVE-2017-11882
    Added Reference https://github.com/rxwx/CVE-2017-11882
    Added Reference https://github.com/unamer/CVE-2017-11882
    Added Reference https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882
    Added Reference https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/
    Added Reference https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/
    Added Reference https://www.exploit-db.com/exploits/43163/
    Added Reference https://www.kb.cert.org/vuls/id/421280
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Modified Analysis by [email protected]

    Mar. 16, 2021

    Action Type Old Value New Value
    Removed CVSS V3 NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Added CVSS V3.1 NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Changed Reference Type https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/ No Types Assigned https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/ Exploit, Mitigation, Third Party Advisory
  • CVE Modified by [email protected]

    Jan. 26, 2021

    Action Type Old Value New Value
    Removed Reference https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about [Broken Link]
    Added Reference https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/ [No Types Assigned]
  • Modified Analysis by [email protected]

    May. 02, 2019

    Action Type Old Value New Value
    Changed Reference Type https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ No Types Assigned https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ Exploit, Third Party Advisory
    Changed Reference Type https://github.com/rxwx/CVE-2017-11882 No Types Assigned https://github.com/rxwx/CVE-2017-11882 Exploit, Third Party Advisory
    Changed Reference Type https://www.exploit-db.com/exploits/43163/ Third Party Advisory, VDB Entry https://www.exploit-db.com/exploits/43163/ Exploit, Third Party Advisory, VDB Entry
    Changed Reference Type https://github.com/unamer/CVE-2017-11882 No Types Assigned https://github.com/unamer/CVE-2017-11882 Exploit, Third Party Advisory
    Changed Reference Type http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 Third Party Advisory http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 Exploit, Third Party Advisory
    Changed Reference Type https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html Third Party Advisory https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html Exploit, Patch, Third Party Advisory
    Changed Reference Type https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about Technical Description, Third Party Advisory https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about Broken Link
    Changed Reference Type https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html Third Party Advisory https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html Exploit, Third Party Advisory
  • CVE Modified by [email protected]

    Dec. 31, 2017

    Action Type Old Value New Value
    Added Reference https://github.com/rxwx/CVE-2017-11882 [No Types Assigned]
  • CVE Modified by [email protected]

    Dec. 12, 2017

    Action Type Old Value New Value
    Added Reference https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ [No Types Assigned]
  • CVE Modified by [email protected]

    Dec. 06, 2017

    Action Type Old Value New Value
    Added Reference https://github.com/unamer/CVE-2017-11882 [No Types Assigned]
  • Initial Analysis by [email protected]

    Dec. 05, 2017

    Action Type Old Value New Value
    Added CVSS V2 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
    Added CVSS V3 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Changed Reference Type http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 No Types Assigned http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 Third Party Advisory
    Changed Reference Type http://www.securityfocus.com/bid/101757 No Types Assigned http://www.securityfocus.com/bid/101757 Third Party Advisory, VDB Entry
    Changed Reference Type https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html No Types Assigned https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html Third Party Advisory
    Changed Reference Type https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882 No Types Assigned https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882 Patch, Vendor Advisory
    Changed Reference Type https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html No Types Assigned https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html Third Party Advisory
    Changed Reference Type https://www.kb.cert.org/vuls/id/421280 No Types Assigned https://www.kb.cert.org/vuls/id/421280 Third Party Advisory, US Government Resource
    Changed Reference Type http://www.securitytracker.com/id/1039783 No Types Assigned http://www.securitytracker.com/id/1039783 Third Party Advisory, VDB Entry
    Changed Reference Type https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about No Types Assigned https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about Technical Description, Third Party Advisory
    Changed Reference Type https://github.com/0x09AL/CVE-2017-11882-metasploit No Types Assigned https://github.com/0x09AL/CVE-2017-11882-metasploit Exploit, Third Party Advisory
    Changed Reference Type https://www.exploit-db.com/exploits/43163/ No Types Assigned https://www.exploit-db.com/exploits/43163/ Third Party Advisory, VDB Entry
    Changed Reference Type https://github.com/embedi/CVE-2017-11882 No Types Assigned https://github.com/embedi/CVE-2017-11882 Exploit, Third Party Advisory
    Added CWE CWE-119
    Added CPE Configuration OR *cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:* *cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:* *cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:* *cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Dec. 05, 2017

    Action Type Old Value New Value
    Added Reference http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 29, 2017

    Action Type Old Value New Value
    Added Reference https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 23, 2017

    Action Type Old Value New Value
    Added Reference https://www.exploit-db.com/exploits/43163/ [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 22, 2017

    Action Type Old Value New Value
    Added Reference https://github.com/embedi/CVE-2017-11882 [No Types Assigned]
    Added Reference https://github.com/0x09AL/CVE-2017-11882-metasploit [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 18, 2017

    Action Type Old Value New Value
    Added Reference https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 17, 2017

    Action Type Old Value New Value
    Added Reference https://www.kb.cert.org/vuls/id/421280 [No Types Assigned]
    Added Reference https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 16, 2017

    Action Type Old Value New Value
    Added Reference http://www.securitytracker.com/id/1039783 [No Types Assigned]
    Added Reference http://www.securityfocus.com/bid/101757 [No Types Assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

97.42 }} -0.02%

score

0.99969

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability