Actively exploited vulnerability

CVE-2017-11882: Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

CISA KEV source 3 Nov 2021 added 3 May 2022 remediation due

Affected product

Microsoft · Office

Known ransomware use: Known

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2017-11882.

The Register14 Aug 2025

Crooks can't let go: Active attacks target Office vuln patched 8 years ago

CVE-2017-11882 in discontinued Equation Editor still attracting keylogger campaigns despite software being killed off in 2018 Very few people are immune to the siren song of nostalgia, a yearning for a "better time" when this was all fields and kids respected their elders - and it looks like cyber criminals are no exception.…