Description
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039783
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101756
Scores
CVSS v3
7.8
EPSS
0.0966
EPSS Percentile
93.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (7)
microsoft/excel
2007
microsoft/excel
2010
microsoft/excel
2013 (2 CPE variants)
microsoft/excel
2016
microsoft/excel_viewer
2007 sp3
microsoft/office_compatibility_pack
Microsoft Corporation/Microsoft Office
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Servi
Published
Nov 15, 2017
Tracked Since
Feb 18, 2026