← voltar
CVE-2017-11882

CVE-2017-11882

CVSS 7.8 HIGHEPSS 99.9%● KEVCWE-119
Em resumo

Versões do Microsoft Office não gerenciam a memória de forma segura, permitindo que atacantes executem código malicioso quando um usuário abre um documento especialmente preparado. Essa falha afeta múltiplas versões do Office e pode levar ao comprometimento completo dos dados e do acesso ao sistema.

Detalhe técnico

Uma vulnerabilidade de corrupção de memória no Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1 e 2016 permite execução arbitrária de código no contexto do usuário atual através de manipulação imprópria de objetos. O vetor de ataque é baseado em documentos (CWE-119), exigindo interação do usuário para abrir um arquivo malicioso, com impacto incluindo roubo de dados e elevação de privilégios.

Resumo gerado e traduzido por IA a partir da descrição oficial.
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
Microsoft Corporation · Microsoft Office
PoCs públicas encontradas37
githubgithub.com/Ridter/CVE-2017-11882538githubgithub.com/embedi/CVE-2017-11882494githubgithub.com/rip1s/CVE-2017-11882329githubgithub.com/rxwx/CVE-2018-0802270githubgithub.com/Ridter/RTF_11882_0802166githubgithub.com/0x09AL/CVE-2017-11882-metasploit98githubgithub.com/starnightcyber/CVE-2017-1188244githubgithub.com/BlackMathIT/2017-11882_Generator35githubgithub.com/likekabin/CVE-2018-0802_CVE-2017-1188211githubgithub.com/Retr0-code/SignHere6githubgithub.com/littlebin404/CVE-2017-118825githubgithub.com/zhouat/cve-2017-118823githubgithub.com/ChaitanyaHaritash/CVE-2017-118822githubgithub.com/Shadowshusky/CVE-2017-11882-2githubgithub.com/ekgg/Overflow-Demo-CVE-2017-118822githubgithub.com/Abdibimantara/Maldoc-Analysis1githubgithub.com/Sunqiz/CVE-2017-11882-reproduction1githubgithub.com/tzwlhack/CVE-2017-118821githubgithub.com/HZachev/ABC0githubgithub.com/qy1202/https-github.com-Ridter-CVE-2017-11882-0githubgithub.com/j0lama/CVE-2017-118820githubgithub.com/chanbin/CVE-2017-118820githubgithub.com/HaoJame/CVE-2017-118820githubgithub.com/ActorExpose/CVE-2017-118820githubgithub.com/likekabin/CVE-2017-118820githubgithub.com/lisinan988/CVE-2017-11882-exp0githubgithub.com/DONKEY0xSHOT/CVE-2017-11882-Blocker0githubgithub.com/Grey-Li/CVE-2017-118820githubgithub.com/herbiezimmerman/CVE-2017-11882-Possible-Remcos-Malspam0githubgithub.com/CSC-pentest/cve-2017-118820githubgithub.com/legendsec/CVE-2017-11882-for-Kali0githubgithub.com/nhuynhuy/cve-2017-118820githubgithub.com/jadeapar/Dragonfish-s-Malware-Cyber-Analysis0githubgithub.com/pixelofapicture/001-Malware-Analysis-CVE-2017-118820githubgithub.com/xdrake1010/CVE-2017-11882-Preventer0exploitdbwww.exploit-db.com/exploits/43163não verificadocve_referencewww.exploit-db.com/exploits/43163/não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.htmlhttps://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.htmlhttps://github.com/0x09AL/CVE-2017-11882-metasploithttps://github.com/embedi/CVE-2017-11882https://github.com/rxwx/CVE-2017-11882https://github.com/unamer/CVE-2017-11882https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11882https://www.exploit-db.com/exploits/43163/