vulnerability

Microsoft Office: CVE-2017-11878: Microsoft Excel Remote Code Execution Vulnerability

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Nov 15, 2017

Added

Jun 20, 2023

Modified

May 29, 2026

Description

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".

Solution

microsoft-excel_2016-kb4011220

References

CVE-2017-11878
https://attackerkb.com/topics/CVE-2017-11878
CWE-119
EUVD-EUVD-2017-3475
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-3475
https://support.microsoft.com/help/4011220

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report