CVE-2017-11877

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".

Published: Nov 15, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-11877
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / excel	2013-sp1	2013-sp1.x
microsoft / excel	2016	2016.x
microsoft / office_compatibility_pack	--sp3	--sp3.x
microsoft / excel_viewer	2007-sp3	2007-sp3.x
microsoft / excel	2013	2013.x
microsoft / excel	2010	2010.x
microsoft / excel	2007	2007.x

Vulnerability Database

289,599

CVE-2017-11877