CVE-2017-11825: Buffer Overflow
First published: Fri Oct 13 2017(Updated: )
Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office | =2016 | |
| Microsoft Office for Mac OS X | =2016 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11825?
CVE-2017-11825 is rated as critical due to its potential for remote code execution.
How do I fix CVE-2017-11825?
To fix CVE-2017-11825, ensure that you apply the latest security updates for Microsoft Office 2016.
What are the potential consequences of CVE-2017-11825?
Exploiting CVE-2017-11825 could allow an attacker to execute arbitrary code in the context of the logged-in user.
Which versions of Microsoft software are affected by CVE-2017-11825?
CVE-2017-11825 affects Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac.
Is there evidence of active exploitation of CVE-2017-11825?
Yes, there have been indications of active exploitation of CVE-2017-11825 in the wild.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft office
- version/microsoft office/2016
- canonical/microsoft office for mac os x
- version/microsoft office for mac os x/2016