PT-2017-12281 · Microsoft · Office Compatibility Pack+3

Jonathan Birch · Published 2017-11-14 · Updated 2023-10-03 · CVE-2017-11877

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Excel versions 2007 Service Pack 3 through 2016
Microsoft Office Compatibility Pack version Service Pack 3
Microsoft Excel Viewer version 2007 Service Pack 3
Microsoft Excel 2016 for Mac

Description

A security feature bypass issue exists in Microsoft Office software, specifically in how macro settings are enforced on Excel documents. The bypass does not by itself allow arbitrary code execution. To exploit it, an attacker must embed a control in an Excel worksheet that specifies a macro should be run, and must convince a user to open the specially crafted file with an affected version of Microsoft Office software.

Recommendations

For Microsoft Excel 2007 Service Pack 3, consider disabling macro execution until a patch is available.
For Microsoft Excel 2010 Service Pack 2, restrict access to macros in Excel documents to minimize the risk of exploitation.
For Microsoft Excel 2013 Service Pack 1 and Microsoft Excel 2013 RT Service Pack 1, avoid using macros in Excel worksheets until the issue is resolved.
For Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac, apply configuration changes to enforce macro settings on Excel documents as a temporary workaround.

Fix

Related Identifiers

CVE-2017-11877

Affected Products

Office Excel
Excel Viewer
Office Compatibility Pack
Office