CVE-2017-11854

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2007 Service Pack 3 through 2010 Service Pack 2 Microsoft Office versions 2010 Service Pack 2 Microsoft Office Compatibility Pack version Service Pack 3

Description A remote code execution issue exists in Microsoft Office software due to improper handling of objects in memory. This could allow an attacker to run arbitrary code in the context of the current user. If the current user has administrative rights, the attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office.

Recommendations For Microsoft Word 2007 Service Pack 3, update to a newer version to mitigate the risk. For Microsoft Word 2010 Service Pack 2, update to a newer version to mitigate the risk. For Microsoft Office 2010 Service Pack 2, update to a newer version to mitigate the risk. For Microsoft Office Compatibility Pack Service Pack 3, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of affected Microsoft Office software until a patch is available.