PT-2017-12315 · Microsoft · Office 2013 Sp1+2

Published

2017-12-12

Updated

2018-10-30

CVE-2017-11934

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2013 RT SP1 through 2016

Description An information disclosure issue exists due to the improper handling of objects in memory by Microsoft Office, which could allow an attacker to compromise a user's computer or data by exploiting the vulnerability.

Recommendations For Microsoft Office 2013 RT SP1, update to a version that fixes the information disclosure issue. For Microsoft Office 2013 SP1, apply the necessary patch to resolve the memory handling issue. For Microsoft Office 2016, ensure that all security updates are applied to mitigate the risk of information disclosure.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-11934

Affected Products

Office 2013 Sp1

Office 2016

Office

PT-2017-12315 · Microsoft · Office 2013 Sp1+2

CVE-2017-11934

Weakness Enumeration

Related Identifiers

Affected Products

References · 5