9.3

CVE-2018-0798

Warning

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".

Data is provided by the National Vulnerability Database (NVD)
MicrosoftOffice Version2007 Updatesp3
MicrosoftOffice Version2010 Updatesp2
MicrosoftOffice Version2013 Updatesp1
MicrosoftOffice Version2016
MicrosoftOffice Version2016 SwEditionclick-to-run
MicrosoftOffice Compatibility Pack Version- Updatesp3
MicrosoftWord Version2007 Updatesp3
MicrosoftWord Version2010 Updatesp2
MicrosoftWord Version2013 Updatesp1
MicrosoftWord Version2013 Updatesp1 SwEditionrt
MicrosoftWord Version2016

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Office Memory Corruption Vulnerability

Vulnerability

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 94.18% 0.999
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1040153
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/102370
Third Party Advisory
Broken Link
VDB Entry