CVE-2017-11854

high

Description

Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".

References

Advisories
More

http://www.securitytracker.com/id/1039795

http://www.securityfocus.com/bid/101746

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854

Details

Source: Mitre, NVD

Published: 2017-11-15

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.18707