Microsoft Office is prone to a memory-corruption vulnerability.
An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.
Information
Microsoft Word 2016 (64-bit edition) 0
Microsoft Word 2016 (32-bit edition) 0
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 RT Service Pack 1 0
Microsoft Word 2010 Service Pack 2 (64-bit editions) 0
Microsoft Word 2010 Service Pack 2 (32-bit editions) 0
Microsoft Word 2007 SP3
Microsoft SharePoint Enterprise Server 2016 0
Microsoft Office Word Viewer 0
Microsoft Office Web Apps Server 2013 SP1
Microsoft Office Web Apps Server 2010 Service Pack 2
Microsoft Office Online Server 2016 0
Microsoft Office Compatibility Pack SP3
Exploit
Reports indicate that this issue is being exploited in the wild.
References:
- Microsoft Homepage (Microsoft)
- CVE-2017-11826 | Microsoft Office Memory Corruption Vulnerability (Microsoft)