CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2017-11877 | Microsoft Excel Security Feature Bypass Vulnerability | Microsoft Excel | Important | 15-11-2017 |
Technical Information
Brief overview of the risk:
A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document.
Detailed Information on the risk:
The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in an Excel worksheet that specifies a macro should be run. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Microsoft Office software.
Further information on this exploit is available at : CVE-2017-11877
Affected Software
Microsoft Excel 2007 Service Pack 3
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2016 for Mac
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office Compatibility Pack Service Pack 3