CVE-2017-11877

MEDIUM

Microsoft Excel - Security Feature Bypass via Macro Settings Enforcement

Title source: llm
STIX 2.1

Description

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".

References (3)

Core 3
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039783
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101747

Scores

CVSS v3 5.5
EPSS 0.1199
EPSS Percentile 93.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

Status published
Products (7)
microsoft/excel 2007
microsoft/excel 2010
microsoft/excel 2013 (2 CPE variants)
microsoft/excel 2016 (2 CPE variants)
microsoft/excel_viewer 2007 sp3
microsoft/office_compatibility_pack
Microsoft Corporation/Microsoft Office Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Servi
Published Nov 15, 2017
Tracked Since Feb 18, 2026