First published: Wed Nov 15 2017(Updated: )
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office | =2010-sp2 | |
Microsoft Office Compatibility Pack | =sp3 | |
Microsoft Word | =2007-sp3 | |
Microsoft Word | =2010-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-11854 is a vulnerability in Microsoft Word and Microsoft Office that allows an attacker to run arbitrary code in the context of the current user.
CVE-2017-11854 has a severity rating of 8.8 (critical).
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 are affected by CVE-2017-11854.
An attacker can exploit CVE-2017-11854 by failing to properly handle objects in memory, allowing them to run arbitrary code in the context of the current user.
Yes, patches and fixes are available for CVE-2017-11854. It is recommended to update the affected software to the latest version.