Alert: Microsoft Office CVE-2017-11826 Memory Corruption Vulnerability

Microsoft Office CVE-2017-11826 Memory Corruption Vulnerability

Reference: CVE-2017-11826
Version: 1.0
Affected software: Microsoft Office

  • Microsoft Office Compatibility Pack SP3
  • Microsoft Office Online Server 2016
  • Microsoft Office Web Apps Server 2010 Service Pack 2
  • Microsoft Office Web Apps Server 2013 SP1
  • Microsoft Office Word Viewer
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft Word 2007 SP3
  • Microsoft Word 2010 Service Pack 2 (32-bit editions)
  • Microsoft Word 2010 Service Pack 2 (64-bit editions)
  • Microsoft Word 2013 RT Service Pack 1
  • Microsoft Word 2013 Service Pack 1 (32-bit editions)
  • Microsoft Word 2013 Service Pack 1 (64-bit editions)
  • Microsoft Word 2016 (32-bit edition)
  • Microsoft Word 2016 (64-bit edition)
  • Microsoft Word Automation Services

Type: Remote Code Execution

Sources

Risks

An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user.
A failed exploitation attempt will likely result in denial of service conditions.

Summary

Qihoo 360 Core Security detected an in-the-wild attack that leveraged CVE-2017-11826.

In order to successfully exploit the vulnerability, a user needs to open a specially crafted file with an affected version of Microsoft Office software.

An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Depending on the current user privileges, an attacker could take control of the affected system.

The most likely attack scenario is that an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Recommended action

Apply the Microsoft security update according to your Office version: