CVE-2017-11825
HIGH
Microsoft Office 2016 Click-to-Run and for Mac - Remote Code Execution via Crafted File
Title source: llm
Description
Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039539
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101124
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11825
Scores
CVSS v3
7.8
EPSS
0.3241
EPSS Percentile
96.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (3)
microsoft/office
2016
microsoft/office_for_mac
2016
Microsoft Corporation/Microsoft Office 2016, Microsoft Office 2016 for Mac
Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac
Published
Oct 13, 2017
Tracked Since
Feb 18, 2026