CVE-2017-11882
Microsoft Office Memory Corruption Vulnerability - [Actively Exploited]
Description
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
INFO
Published Date :
Nov. 15, 2017, 3:29 a.m.
Last Modified :
April 20, 2025, 1:37 a.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
Apply updates per vendor instructions.
https://nvd.nist.gov/vuln/detail/CVE-2017-11882
CVSS Scores
Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
CVSS 2.0 | HIGH | [email protected] | ||||
CVSS 3.1 | HIGH | [email protected] | ||||
CVSS 3.1 | HIGH | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Microsoft has released security updates for Microsoft Office Products.
Public PoC/Exploit Available at Github
CVE-2017-11882 has a 186 public
PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2017-11882
.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2017-11882
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2017-11882
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
Simple PoC of CVE-2017-11882
Python
None
None
None
HTML
None
None
CVE-2017-11882 Preventer for .docx files
JavaScript HTML
None
None
Dockerfile Python PowerShell Shell YARA JavaScript
None
APT Simulation Framework
Malware Analysis CVE-2017-11882
This is my personal collection of malware development notes, tools, code snippets, and resources I explore and learn from. It’s my go-to place to keep everything organized and handy.
None
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2017-11882
vulnerability anywhere in the article.

-
CybersecurityNews
APT SideWinder Actor Profile – Recent Attacks, Tactics, Techniques, and Procedures
APT SideWinder, also known as Rattlesnake, Razor Tiger, and T-APT-04, is a nation-state advanced persistent threat (APT) group active since at least 2012 and believed to originate from India. Noted fo ... Read more

-
Daily CyberSecurity
A Blast from the Past: Why a 2017 Office Flaw Still Haunts Enterprises Today
Under normal circumstances, software developers recommend that users promptly update to the latest version after a release. Security experts share the same stance, as updates often do more than fix bu ... Read more

-
The Register
Crooks can't let go: Active attacks target Office vuln patched 8 years ago
Very few people are immune to the siren song of nostalgia, a yearning for a "better time" when this was all fields and kids respected their elders - and it looks like cyber criminals are no exception. ... Read more

-
CybersecurityNews
5 Email Attacks SOCs Cannot Detect Without A Sandbox
Even with Slack, Teams, and every new communication tool out there, email remains the top attack vector for businesses. Why? Because it’s familiar, trusted, and easy to exploit. One convincing message ... Read more

-
VMRay
May 2025 Detection Highlights: VMRay Threat Identifiers, Config Extractors for Lumma & VideoSpy, and Fresh YARA Rules.
The Labs team at VMRay actively gathers publicly available data to identify any noteworthy malware developments that demand immediate attention. We complement this effort with our internal tracking an ... Read more

-
Daily CyberSecurity
Kaspersky Report Reveals Growing Threat from Old Exploits and OS Vulnerabilities in Q1 2025
Kaspersky’s latest “Exploits and vulnerabilities in Q1 2025” shows that attackers are doubling down on aging exploits, platform-specific weaknesses, and mismanaged updates. With over 9,700 vulnerabili ... Read more

-
The Hacker News
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at ba ... Read more

-
Kaspersky
Exploits and vulnerabilities in Q1 2025
The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted the ... Read more

-
europa.eu
Cyber Brief 25-05 - April 2025
Cyber Brief (April 2025)May 2, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 311 open source reports for this Cyber Brief1.Policy, cooperation, and law enforcement. The FBI sought help to ide ... Read more

-
Cyber Security News
Hackers Exploit MS Equation Editor Vulnerability to Deploy XLoader Malware
A sophisticated phishing campaign exploiting a nearly 8-year-old Microsoft Office vulnerability to distribute the dangerous XLoader information stealer. The attack leverages CVE-2017-11882, a memory c ... Read more

-
Cyber Security News
Hackers Exploited 17-year-old Vulnerability to Weaponize Word Documents
Security researchers at Fortinet’s FortiGuard Labs have uncovered a sophisticated phishing campaign that uses weaponized Microsoft Word documents to deliver information-stealing malware to unsuspectin ... Read more

-
The Hacker News
Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft ... Read more

-
Cyber Security News
Kimusky Hackers Exploiting RDP & MS Office Vulnerabilities in Targeted Attacks
A sophisticated Advanced Persistent Threat (APT) operation named Larva-24005, linked to the notorious Kimsuky threat group, has been discovered actively exploiting critical vulnerabilities in Remote D ... Read more

-
Daily CyberSecurity
Larva-24005: Kimsuky’s Global Cyber Espionage Campaign Exploits RDP and Office Flaws
A new cybersecurity report from the AhnLab Security intelligence Center (ASEC) has shed light on a recently identified operation linked to the notorious Kimsuky group. Dubbed “Larva-24005,” this campa ... Read more

-
BleepingComputer
Chinese hackers target Russian govt with upgraded RAT malware
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. Security researchers at Kaspersky's Glob ... Read more

-
The Hacker News
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files ... Read more

-
The Cyber Express
Black Basta Chat Logs Reveal Ransomware Group’s TTPs, IoCs
The Black Basta ransomware group has fallen off dramatically in 2025, and chat logs leaked recently show that internal squabbling may be behind the group’s slowed activity. Cyble threat intelligence r ... Read more

-
Kaspersky
Exploits and vulnerabilities in Q4 2024
Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Conce ... Read more

-
The Cyber Express
Microsoft Patch Tuesday for February Includes Two Zero Days Under Attack
Microsoft’s Patch Tuesday for February 2025 fixes four zero-day vulnerabilities, including two under active attack, plus another eight flaws judged to be at high risk of attack. In all, the Patch Tues ... Read more

-
The Cyber Express
Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
Apple has issued emergency updates to fix a critical security flaw that is actively being exploited in iOS and iPadOS. On February 10, the tech giant released out-of-band security patches to address a ... Read more
The following table lists the changes that have been made to the
CVE-2017-11882
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Apr. 07, 2025
Action Type Old Value New Value -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Feb. 10, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Added CWE CWE-119 -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 Added Reference http://www.securityfocus.com/bid/101757 Added Reference http://www.securitytracker.com/id/1039783 Added Reference https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html Added Reference https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html Added Reference https://github.com/0x09AL/CVE-2017-11882-metasploit Added Reference https://github.com/embedi/CVE-2017-11882 Added Reference https://github.com/rxwx/CVE-2017-11882 Added Reference https://github.com/unamer/CVE-2017-11882 Added Reference https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882 Added Reference https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ Added Reference https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/ Added Reference https://www.exploit-db.com/exploits/43163/ Added Reference https://www.kb.cert.org/vuls/id/421280 -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
Modified Analysis by [email protected]
Mar. 16, 2021
Action Type Old Value New Value Removed CVSS V3 NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Added CVSS V3.1 NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Changed Reference Type https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/ No Types Assigned https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/ Exploit, Mitigation, Third Party Advisory -
CVE Modified by [email protected]
Jan. 26, 2021
Action Type Old Value New Value Removed Reference https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about [Broken Link] Added Reference https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/ [No Types Assigned] -
Modified Analysis by [email protected]
May. 02, 2019
Action Type Old Value New Value Changed Reference Type https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ No Types Assigned https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ Exploit, Third Party Advisory Changed Reference Type https://github.com/rxwx/CVE-2017-11882 No Types Assigned https://github.com/rxwx/CVE-2017-11882 Exploit, Third Party Advisory Changed Reference Type https://www.exploit-db.com/exploits/43163/ Third Party Advisory, VDB Entry https://www.exploit-db.com/exploits/43163/ Exploit, Third Party Advisory, VDB Entry Changed Reference Type https://github.com/unamer/CVE-2017-11882 No Types Assigned https://github.com/unamer/CVE-2017-11882 Exploit, Third Party Advisory Changed Reference Type http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 Third Party Advisory http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 Exploit, Third Party Advisory Changed Reference Type https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html Third Party Advisory https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html Exploit, Patch, Third Party Advisory Changed Reference Type https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about Technical Description, Third Party Advisory https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about Broken Link Changed Reference Type https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html Third Party Advisory https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html Exploit, Third Party Advisory -
CVE Modified by [email protected]
Dec. 31, 2017
Action Type Old Value New Value Added Reference https://github.com/rxwx/CVE-2017-11882 [No Types Assigned] -
CVE Modified by [email protected]
Dec. 12, 2017
Action Type Old Value New Value Added Reference https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/ [No Types Assigned] -
CVE Modified by [email protected]
Dec. 06, 2017
Action Type Old Value New Value Added Reference https://github.com/unamer/CVE-2017-11882 [No Types Assigned] -
Initial Analysis by [email protected]
Dec. 05, 2017
Action Type Old Value New Value Added CVSS V2 (AV:N/AC:M/Au:N/C:C/I:C/A:C) Added CVSS V3 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Changed Reference Type http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 No Types Assigned http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 Third Party Advisory Changed Reference Type http://www.securityfocus.com/bid/101757 No Types Assigned http://www.securityfocus.com/bid/101757 Third Party Advisory, VDB Entry Changed Reference Type https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html No Types Assigned https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html Third Party Advisory Changed Reference Type https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882 No Types Assigned https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882 Patch, Vendor Advisory Changed Reference Type https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html No Types Assigned https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html Third Party Advisory Changed Reference Type https://www.kb.cert.org/vuls/id/421280 No Types Assigned https://www.kb.cert.org/vuls/id/421280 Third Party Advisory, US Government Resource Changed Reference Type http://www.securitytracker.com/id/1039783 No Types Assigned http://www.securitytracker.com/id/1039783 Third Party Advisory, VDB Entry Changed Reference Type https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about No Types Assigned https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about Technical Description, Third Party Advisory Changed Reference Type https://github.com/0x09AL/CVE-2017-11882-metasploit No Types Assigned https://github.com/0x09AL/CVE-2017-11882-metasploit Exploit, Third Party Advisory Changed Reference Type https://www.exploit-db.com/exploits/43163/ No Types Assigned https://www.exploit-db.com/exploits/43163/ Third Party Advisory, VDB Entry Changed Reference Type https://github.com/embedi/CVE-2017-11882 No Types Assigned https://github.com/embedi/CVE-2017-11882 Exploit, Third Party Advisory Added CWE CWE-119 Added CPE Configuration OR *cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:* *cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:* *cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:* *cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:* -
CVE Modified by [email protected]
Dec. 05, 2017
Action Type Old Value New Value Added Reference http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882 [No Types Assigned] -
CVE Modified by [email protected]
Nov. 29, 2017
Action Type Old Value New Value Added Reference https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html [No Types Assigned] -
CVE Modified by [email protected]
Nov. 23, 2017
Action Type Old Value New Value Added Reference https://www.exploit-db.com/exploits/43163/ [No Types Assigned] -
CVE Modified by [email protected]
Nov. 22, 2017
Action Type Old Value New Value Added Reference https://github.com/embedi/CVE-2017-11882 [No Types Assigned] Added Reference https://github.com/0x09AL/CVE-2017-11882-metasploit [No Types Assigned] -
CVE Modified by [email protected]
Nov. 18, 2017
Action Type Old Value New Value Added Reference https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html [No Types Assigned] -
CVE Modified by [email protected]
Nov. 17, 2017
Action Type Old Value New Value Added Reference https://www.kb.cert.org/vuls/id/421280 [No Types Assigned] Added Reference https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about [No Types Assigned] -
CVE Modified by [email protected]
Nov. 16, 2017
Action Type Old Value New Value Added Reference http://www.securitytracker.com/id/1039783 [No Types Assigned] Added Reference http://www.securityfocus.com/bid/101757 [No Types Assigned]
Vulnerability Scoring Details
Base CVSS Score: 7.8
Base CVSS Score: 9.3
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
94.38 }} -3.04%
score
0.99963
percentile