{"vulnerability": "CVE-2017-11826", "sightings": [{"uuid": "61100443-8a9b-427f-9aae-a71bbaeae094", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1a6a6d68-b8af-4e6d-baa3-bdd7fa85a1a3", "content": "", "creation_timestamp": "2026-02-02T12:28:16.325902Z"}, {"uuid": "c89350b6-1e95-4d31-870b-358d06db7d2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "published-proof-of-concept", "source": "https://t.me/Pen7esting/209", "content": "[PoC] 2010~2018 MS Office 0-day/1-day exploit-case-study#OpenXMLTag#RTF#ActiveX#UAF#TIFF#EPS#Moniker\n\nCVE-2010-3333\nCVE-2014-1761\nCVE-2016-7193\nCVE-2015-1641\nCVE-2017-11826\nCVE-2012-0158\nCVE-2012-1856\nCVE-2015-1642\nCVE-2014-6352\nCVE-2015-0097https://t.co/MHJ5xtGSKZ\u2014 Jin Wook (@wugeej) June 14, 2019", "creation_timestamp": "2019-06-18T06:53:33.000000Z"}, {"uuid": "bbd3cb45-4bda-40db-a23c-5fe4a4a43d8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "published-proof-of-concept", "source": "https://t.me/news4hack/11", "content": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/", "creation_timestamp": "2017-12-11T18:53:38.000000Z"}, {"uuid": "62b007b6-78ae-4268-ad84-28b0586d0e5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "published-proof-of-concept", "source": "https://t.me/w2hack/47", "content": "\u0412 \u043a\u043e\u043d\u0446\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430 \u043c\u043d\u043e\u0433\u043e \u0448\u0443\u043c\u0430 \u043d\u0430\u0434\u0435\u043b\u0430\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c 0-day \u0432 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0445 MS Word \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0449\u0430\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043b\u0438\u043d\u043a\u043e\u0432\u043a\u0438 \u0447\u0430\u0441\u0442\u0438 \u043e\u0434\u043d\u0438\u0445 \u0434\u043e\u043a\u043e\u0432 \u0432 \u0434\u0440\u0443\u0433\u0438\u0435 (DDE).  \u0412\u0430\u0436\u043d\u043e \u0442\u043e, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0430 \u0431\u044b\u043b\u0430 \u0432\u0437\u044f\u0442\u0430 \u043d\u0430 \u0432\u043e\u043e\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043c\u043d\u043e\u0433\u0438\u043c\u0438 ][-\u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430\u043c\u0438 \u0438 \u043f\u0440\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0430 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u0443\u044e \u0441\u0435\u0441\u0441\u0438\u044e meterpreter. \n\n\u0421\u0435\u0433\u043e\u0434\u043d\u044f \u0441\u043c\u043e\u0442\u0440\u0438\u043c CVE-2017-11826 \u0432 \u0434\u0435\u0442\u0430\u043b\u044f\u0445 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0431\u0430\u0433 \u043d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e Metasploit\n\n#pentest #metasploit #kali\n\nhttp://telegra.ph/Razbiraem-nashumevshuyu-0-day-uyazvimost-CVE-2017-11826-v-dokumentah-MS-Word-04-13", "creation_timestamp": "2024-05-02T17:28:04.000000Z"}, {"uuid": "41b1e2b0-e01d-441a-ae7a-c784d7927a6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "exploited", "source": "https://t.me/information_security_channel/9851", "content": "New Microsoft Office 0-day (CVE-2017-11826) Attack Exploited in the Wild https://t.co/s0OxwcFvhE https://t.co/GVNVMZ78gk", "creation_timestamp": "2017-10-11T16:30:10.000000Z"}, {"uuid": "cdfeba6c-71c1-47bd-819a-07288069e3cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "exploited", "source": "https://t.me/information_security_channel/9892", "content": "RT @TheHackersNews: New Microsoft Office 0-day (CVE-2017-11826) Attack Exploited in the Wild https://t.co/s0OxwcFvhE https://t.co/GVNVMZ78gk", "creation_timestamp": "2017-10-12T11:04:08.000000Z"}, {"uuid": "3e5702fc-5c18-4028-bc6d-57c8d19da1a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/2862", "content": "Exploiting Word: CVE-2017-11826\nhttps://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/", "creation_timestamp": "2017-12-12T17:11:15.000000Z"}, {"uuid": "da39ee94-69af-4d6b-8ea6-749c7520df36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "MISP/5a684dec-24fc-433e-8ea8-144f95ca48b7", "content": "", "creation_timestamp": "2018-01-24T09:12:25.000000Z"}, {"uuid": "e1936e73-ea38-4484-9a30-ad930548939a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "MISP/5a684dff-790c-42a3-aa83-17fe95ca48b7", "content": "", "creation_timestamp": "2018-01-24T09:12:32.000000Z"}, {"uuid": "0cb0075e-3844-4323-a482-aa352c1ec35f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "MISP/292c8ff0-f4d9-40b6-ac72-e44392d6cc31", "content": "", "creation_timestamp": "2020-10-09T16:31:53.000000Z"}, {"uuid": "4a981b94-75f8-47f1-86a4-db07b50efd26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "MISP/73a746cd-9f07-49e6-842e-82fc9ea4625f", "content": "", "creation_timestamp": "2020-10-09T16:38:06.000000Z"}, {"uuid": "b5fcf1a3-3f90-4745-9d15-fed368a5bec2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:14.000000Z"}, {"uuid": "64391329-3ec9-4a90-8489-f3760f7b073e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:33.000000Z"}, {"uuid": "fdb3e850-576a-4d3a-bc6b-2ea70c915417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "published-proof-of-concept", "source": "https://t.me/orderofsixangles/309", "content": "1. \u0412 2014 \u0433\u043e\u0434\u0443 \u044f \u043f\u044b\u0442\u0430\u043b\u0441\u044f \u0447\u0442\u043e-\u0442\u043e \u043f\u0435\u0440\u0435\u0432\u043e\u0434\u0438\u0442\u044c \u0438 \u043f\u0438\u0441\u0430\u0442\u044c \u0441\u0442\u0430\u0442\u044c\u0438, \u043d\u043e \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u043b\u043e\u0441\u044c \u0438 \u043c\u043e\u0439 \"\u0441\u0430\u0439\u0442\" \u0432\u044b\u0433\u043b\u044f\u0434\u0435\u043b \u0442\u0430\u043a\n\nhttps://thatskriptkid.wordpress.com/\n\n\u0422\u0435\u043f\u0435\u0440\u044c \u043e\u043d \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0442\u0430\u043a\n\nhttps://www.orderofsixangles.com\n\n2. \u041c\u043e\u044f \u0441\u0442\u0430\u0440\u0430\u044f \u0438 \u043d\u0435\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u0441\u0442\u0430\u0442\u044c\u044f\n\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2017-11826 \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\nhttps://orderofsixangles.com/ru/2018/02/09/ms-cve-2017-11826.html", "creation_timestamp": "2020-05-07T00:58:26.000000Z"}, {"uuid": "025a7471-eb35-4a7a-b2e1-99334be05aa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1a6a6d68-b8af-4e6d-baa3-bdd7fa85a1a3", "content": "", "creation_timestamp": "2026-02-02T12:28:16.325902Z"}, {"uuid": "3dcaabed-1a82-4b10-9bde-b39d1925c2c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "Telegram/ad37osL4OW8Vs-9jC6MA8PM8yfIwC8sBddfMAH2SO3vZuVxQ", "content": "", "creation_timestamp": "2025-02-14T09:47:00.000000Z"}, {"uuid": "03ac2b96-f6a3-4ad4-beca-f3c502059c5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "https://t.me/arpsyndicate/1152", "content": "#ExploitObserverAlert\n\nCVE-2017-11826\n\nDESCRIPTION: Exploit Observer has 17 entries related to CVE-2017-11826. Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.\n\nFIRST-EPSS: 0.951390000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-04T07:58:25.000000Z"}, {"uuid": "5cb5381e-8996-4631-b79a-134fb66fcfab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/2608", "content": "0patching a Pretty Nasty Microsoft Word Type Confusion Vulnerability (CVE-2017-11826)\nhttps://0patch.blogspot.com.tr/2017/11/0patching-pretty-nasty-microsoft-word.html", "creation_timestamp": "2017-11-09T20:56:42.000000Z"}, {"uuid": "ba126bc1-c3cd-49c5-afda-e500ea9ae8d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "MISP/5da58e4c-5a64-4aa3-840e-5e670a3b4631", "content": "", "creation_timestamp": "2019-10-15T09:18:23.000000Z"}, {"uuid": "f4be12be-5108-4d84-8308-2c7c6e6f31c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "a264c5c9-1760-4645-9ecf-9cf000b679f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-11826", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971316", "content": "", "creation_timestamp": "2024-12-24T20:27:29.841384Z"}]}