CVE-2017-11878

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2007 Service Pack 3 through 2016 Microsoft Office Compatibility Pack version Service Pack 3 Microsoft Excel Viewer version 2007 Service Pack 3

Description The issue is related to the improper handling of objects in memory, which can be exploited by a remote attacker to execute arbitrary code in the context of the current user. If the current user has administrative user rights, the attacker could take control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office.

Recommendations For Microsoft Excel versions 2007 Service Pack 3 through 2016, consider avoiding the use of potentially vulnerable functions until a patch is available. For Microsoft Office Compatibility Pack version Service Pack 3, restrict access to specially crafted files until the issue is resolved. For Microsoft Excel Viewer version 2007 Service Pack 3, avoid opening untrusted files with the viewer until a fix is provided. As a temporary workaround, consider disabling the ability to open specially crafted files with affected versions of Microsoft Office until a patch is available.