What is CVE-2017-11878?

CVE-2017-11878 is a high-severity vulnerability in Microsoft Excel, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-11-15.

How severe is CVE-2017-11878?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Microsoft Excel

CVE-2017-11878

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft…

Vulnerability class: Buffer Overflow

EPSS: 0.097 (93.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Microsoft Excel — versions 2007, 2010, 2013
Microsoft Excel_viewer — versions 2007
Microsoft Office_compatibility_pack
Microsoft Corporation Office — versions Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, Issue Tracking, x_refsource_SECTRACK)
secure@microsoft.com (x_refsource_CONFIRM, Patch, Issue Tracking, Vendor Advisory)
secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-11878?: CVE-2017-11878 is a high-severity vulnerability in Microsoft Excel, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-11-15.
How severe is CVE-2017-11878?: High severity. CVSS v3 base score is 7.8 out of 10.