101219

1039541

https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826

https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/

https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/

The Microsoft Sharepoint Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

  - A cross-site scripting (XSS) vulnerability exists when     Microsoft SharePoint Server does not properly sanitize a     specially crafted web request to an affected SharePoint     server. An authenticated attacker could exploit the     vulnerability by sending a specially crafted request to     an affected SharePoint server. The attacker who     successfully exploited the vulnerability could then     perform cross-site scripting attacks on affected systems     and run script in the security context of the current     user. The attacks could allow the attacker to read     content that the attacker is not authorized to read, use     the victim's identity to take actions on the SharePoint     site on behalf of the user, such as change permissions     and delete content, and inject malicious content in the     browser of the user. The security update addresses the     vulnerability by helping to ensure that SharePoint     Server properly sanitizes web requests. (CVE-2017-11775,     CVE-2017-11777, CVE-2017-11820)

  - A remote code execution vulnerability exists in     Microsoft Office software when the software fails to     properly handle objects in memory. An attacker who     successfully exploited the vulnerability could run     arbitrary code in the context of the current user. If     the current user is logged on with administrative user     rights, an attacker could take control of the affected     system. An attacker could then install programs; view,     change, or delete data; or create new accounts with full     user rights.  (CVE-2017-11826)

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how Office handles objects in memory.

The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

  - Microsoft has released an update for Microsoft Office that     provides enhanced security as a defense-in-depth measure.

  - A remote code execution vulnerability exists in Microsoft Office     software when it fails to properly handle objects in memory. An     attacker who successfully exploited the vulnerability could use a     specially crafted file to perform actions in the security context     of the current user. For example, the file could then take actions     on behalf of the logged-on user with the same permissions as the     current user. (CVE-2017-11825)

  - A remote code execution vulnerability exists in Microsoft Office     software when the software fails to properly handle objects in     memory. An attacker who successfully exploited the vulnerability     could run arbitrary code in the context of the current user. If     the current user is logged on with administrative user rights, an     attacker could take control of the affected system. An attacker     could then install programs; view, change, or delete data; or     create new accounts with full user rights. Users whose accounts     are configured to have fewer user rights on the system could be     less impacted than users who operate with administrative user     rights. (CVE-2017-11826)

The Microsoft Office Products are missing a security update.
  It is, therefore, affected by the following vulnerability :

  - A remote code execution vulnerability exists in     Microsoft Office software when the software fails to     properly handle objects in memory. An attacker who     successfully exploited the vulnerability could run     arbitrary code in the context of the current user. If     the current user is logged on with administrative user     rights, an attacker could take control of the affected     system. An attacker could then install programs; view,     change, or delete data; or create new accounts with full     user rights.  (CVE-2017-11826)

Microsoft Office Compatibility Pack SP3 is missing a security update.
It is, therefore, affected by a remote code execution vulnerability :

  - A remote code execution vulnerability exists in Microsoft Office     software when the software fails to properly handle objects in     memory. An attacker who successfully exploited the vulnerability     could run arbitrary code in the context of the current user. If     the current user is logged on with administrative user rights,     an attacker could take control of the affected system. An     attacker could then install programs; view, change, or delete     data; or create new accounts with full user rights. Users whose     accounts are configured to have fewer user rights on the system     could be less impacted than users who operate with     administrative user rights.

    Exploitation of the vulnerability requires that a user open a     specially crafted file with an affected version of Microsoft     Office software. In an email attack scenario, an attacker could     exploit the vulnerability by sending the specially crafted file     to the user and convincing the user to open the file. In a     web-based attack scenario, an attacker could host a website (or     leverage a compromised website that accepts or hosts     user-provided content) containing a specially crafted file     designed to exploit the vulnerability. An attacker would have no     way to force users to visit the website. Instead, an attacker     would have to convince users to click a link, typically by way     of an enticement in an email or instant message, and then     convince them to open the specially crafted file.

    The security update addresses the vulnerability by correcting     how Office handles objects in memory. (CVE-2017-11826)

ID	Name	Product	Family	Severity
103786	Security Updates for Microsoft Sharepoint Server (October 2017)	Nessus	Windows : Microsoft Bulletins	high
103785	Security Update for Microsoft Office Online Server and Office Web Apps (October 2017)	Nessus	Windows : Microsoft Bulletins	high
103784	Security Updates for Microsoft Office Products (October 2017)	Nessus	Windows : Microsoft Bulletins	high
103754	Security Update for Microsoft Office Word Viewer (October 2017)	Nessus	Windows : Microsoft Bulletins	high
103751	Security Updates for Microsoft Office Compatibility Pack SP3 (October 2017)	Nessus	Windows : Microsoft Bulletins	high

CVE-2017-11826

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high