cnvd - cnvd-2017-34031

cnvd-2017-34031

Vulnerability from cnvd

Title: Microsoft office组件EQNEDT32.EXE内存破坏漏洞

Description:

Microsoft Office是微软公司开发的一套基于Windows操作系统的办公软件套装。

Microsoft office负责在文档中插入和编辑公式 (OLE 对象) 的 MS 办公室组件EQNEDT32.EXE中存在内存破坏漏洞。利用此漏洞需要使用受影响的微软office 或 Microsoft 写字板程序打开恶意文件，未经身份验证的远程攻击者可以在目标系统上执行恶意代码，远程安装恶意软件，进而可能控制整个操作系统。

Severity: 高

Patch Name: Microsoft office组件EQNEDT32.EXE内存破坏漏洞的补丁

Patch Description:

Microsoft Office是微软公司开发的一套基于Windows操作系统的办公软件套装。

Formal description:

用户可参考如下安全公告获取补丁以修复该漏洞： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882

Reference: https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html

Impacted products

Name
Microsoft Office

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-11882"
    }
  },
  "description": "Microsoft Office\u662f\u5fae\u8f6f\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u57fa\u4e8eWindows\u64cd\u4f5c\u7cfb\u7edf\u7684\u529e\u516c\u8f6f\u4ef6\u5957\u88c5\u3002\r\n\r\nMicrosoft office\u8d1f\u8d23\u5728\u6587\u6863\u4e2d\u63d2\u5165\u548c\u7f16\u8f91\u516c\u5f0f (OLE \u5bf9\u8c61) \u7684 MS \u529e\u516c\u5ba4\u7ec4\u4ef6EQNEDT32.EXE\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u5229\u7528\u6b64\u6f0f\u6d1e\u9700\u8981\u4f7f\u7528\u53d7\u5f71\u54cd\u7684\u5fae\u8f6foffice \u6216 Microsoft \u5199\u5b57\u677f\u7a0b\u5e8f\u6253\u5f00\u6076\u610f\u6587\u4ef6\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u6076\u610f\u4ee3\u7801\uff0c\u8fdc\u7a0b\u5b89\u88c5\u6076\u610f\u8f6f\u4ef6\uff0c\u8fdb\u800c\u53ef\u80fd\u63a7\u5236\u6574\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002",
  "discovererName": "Embedi",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34031",
  "openTime": "2017-11-16",
  "patchDescription": "Microsoft Office\u662f\u5fae\u8f6f\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u57fa\u4e8eWindows\u64cd\u4f5c\u7cfb\u7edf\u7684\u529e\u516c\u8f6f\u4ef6\u5957\u88c5\u3002\r\n\r\nMicrosoft office\u8d1f\u8d23\u5728\u6587\u6863\u4e2d\u63d2\u5165\u548c\u7f16\u8f91\u516c\u5f0f (OLE \u5bf9\u8c61) \u7684 MS \u529e\u516c\u5ba4\u7ec4\u4ef6EQNEDT32.EXE\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u5229\u7528\u6b64\u6f0f\u6d1e\u9700\u8981\u4f7f\u7528\u53d7\u5f71\u54cd\u7684\u5fae\u8f6foffice \u6216 Microsoft \u5199\u5b57\u677f\u7a0b\u5e8f\u6253\u5f00\u6076\u610f\u6587\u4ef6\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u6076\u610f\u4ee3\u7801\uff0c\u8fdc\u7a0b\u5b89\u88c5\u6076\u610f\u8f6f\u4ef6\uff0c\u8fdb\u800c\u53ef\u80fd\u63a7\u5236\u6574\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft office\u7ec4\u4ef6EQNEDT32.EXE\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Office"
  },
  "referenceLink": "https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-16",
  "title": "Microsoft office\u7ec4\u4ef6EQNEDT32.EXE\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}

CVE-2017-11882 (GCVE-0-2017-11882)

Vulnerability from cvelistv5

Published

2017-11-15 03:00

Modified

2025-07-30 01:46

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Remote Code Execution

Summary

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

References

▼	URL	Tags
	https://github.com/embedi/CVE-2017-11882	x_refsource_MISC
	https://github.com/unamer/CVE-2017-11882	x_refsource_MISC
	http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882	x_refsource_MISC
	https://github.com/rxwx/CVE-2017-11882	x_refsource_MISC
	http://www.securityfocus.com/bid/101757	vdb-entry, x_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882	x_refsource_CONFIRM
	https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/	x_refsource_MISC
	http://www.securitytracker.com/id/1039783	vdb-entry, x_refsource_SECTRACK
	https://www.kb.cert.org/vuls/id/421280	third-party-advisory, x_refsource_CERT-VN
	https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html	x_refsource_MISC
	https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html	x_refsource_MISC
	https://github.com/0x09AL/CVE-2017-11882-metasploit	x_refsource_MISC
	https://www.exploit-db.com/exploits/43163/	exploit, x_refsource_EXPLOIT-DB
	https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	Microsoft Office	Version: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:19:39.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/embedi/CVE-2017-11882"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/unamer/CVE-2017-11882"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rxwx/CVE-2017-11882"
          },
          {
            "name": "101757",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101757"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/"
          },
          {
            "name": "1039783",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039783"
          },
          {
            "name": "VU#421280",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/421280"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/0x09AL/CVE-2017-11882-metasploit"
          },
          {
            "name": "43163",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43163/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-11882",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T14:42:21.991125Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11882"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:46:20.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2017-11882 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Office",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016"
            }
          ]
        }
      ],
      "datePublic": "2017-11-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11884."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T22:10:03.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/embedi/CVE-2017-11882"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/unamer/CVE-2017-11882"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rxwx/CVE-2017-11882"
        },
        {
          "name": "101757",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101757"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/"
        },
        {
          "name": "1039783",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039783"
        },
        {
          "name": "VU#421280",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/421280"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/0x09AL/CVE-2017-11882-metasploit"
        },
        {
          "name": "43163",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43163/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2017-11-14T00:00:00",
          "ID": "CVE-2017-11882",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11884."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/embedi/CVE-2017-11882",
              "refsource": "MISC",
              "url": "https://github.com/embedi/CVE-2017-11882"
            },
            {
              "name": "https://github.com/unamer/CVE-2017-11882",
              "refsource": "MISC",
              "url": "https://github.com/unamer/CVE-2017-11882"
            },
            {
              "name": "http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882",
              "refsource": "MISC",
              "url": "http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882"
            },
            {
              "name": "https://github.com/rxwx/CVE-2017-11882",
              "refsource": "MISC",
              "url": "https://github.com/rxwx/CVE-2017-11882"
            },
            {
              "name": "101757",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101757"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882"
            },
            {
              "name": "https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/",
              "refsource": "MISC",
              "url": "https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/"
            },
            {
              "name": "1039783",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039783"
            },
            {
              "name": "VU#421280",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/421280"
            },
            {
              "name": "https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html",
              "refsource": "MISC",
              "url": "https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html"
            },
            {
              "name": "https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html",
              "refsource": "MISC",
              "url": "https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html"
            },
            {
              "name": "https://github.com/0x09AL/CVE-2017-11882-metasploit",
              "refsource": "MISC",
              "url": "https://github.com/0x09AL/CVE-2017-11882-metasploit"
            },
            {
              "name": "43163",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43163/"
            },
            {
              "name": "https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/",
              "refsource": "MISC",
              "url": "https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-11882",
    "datePublished": "2017-11-15T03:00:00.000Z",
    "dateReserved": "2017-07-31T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:46:20.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted