HTTP: Microsoft Word CVE-2017-11854 Remote Code Execution

An Uninitialized Memory Use vulnerability has been found in Microsoft Word. Successful exploitation of this vulnerability could achieve Remote Code Execution.

Extended Description

Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".

Affected Products

Microsoft office_compatibility_pack

References

CVE: CVE-2017-11854

Short Name
HTTP:STC:DL:CVE-2017-11854-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2017-11854 Code Execution Microsoft Remote Word
Release Date
11/13/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Microsoft

CVSS Score

9.3

Found a potential security threat?