Zero-day vulnerability in Microsoft Office

Memory corruption
CVE-2017-11826

The weakness was reported to Microsoft by researchers at China-based security firm Qihoo 360. The experts said they first observed an attack exploiting this vulnerability on September 28. The attacks targeted a small number of the company’s customers and they involved malicious RTF files.

Vulnerability details

Advisory: SB2017101001 - Remote code execution in Microsoft Office

Vulnerable component: Microsoft Office

CVE-ID: CVE-2017-11826

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious content. A remote attacker can send a specially crafted .doc file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with system privileges.

Successful exploitation of the vulnerability may result in system compromise.

Note: the vulnerability is being actively exploited.

