What is CVE-2017-11884?

CVE-2017-11884 is a high-severity vulnerability in Microsoft Excel, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-11-15.

How severe is CVE-2017-11884?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2017-11884 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Microsoft Excel

CVE-2017-11884

Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is uni…

Vulnerability class: Buffer Overflow

EPSS: 0.499 (97.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Microsoft Excel — versions 2016
Microsoft Corporation Office — versions Microsoft Excel 2016 Click-to-Run (C2R)

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-11884?: CVE-2017-11884 is a high-severity vulnerability in Microsoft Excel, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-11-15.
How severe is CVE-2017-11884?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2017-11884 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.