9.3

CVE-2018-0802

Warnung
Exploit
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Version2007 Updatesp3
MicrosoftOffice Version2010 Updatesp2
MicrosoftOffice Version2013 Updatesp1 SwEdition-
MicrosoftOffice Version2016
MicrosoftOffice Version2016 SwEditionclick-to-run
MicrosoftOffice Compatibility Pack Version- Updatesp3
MicrosoftWord Version2007 Updatesp3
MicrosoftWord Version2010 Updatesp2
MicrosoftWord Version2013 Updatesp1 SwEdition-
MicrosoftWord Version2013 Updatesp1 SwEditionrt
MicrosoftWord Version2016

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Office Memory Corruption Vulnerability

Schwachstelle

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 93.29% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1040153
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/102347
Third Party Advisory
Broken Link
VDB Entry
https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html
Third Party Advisory
Exploit
https://github.com/rxwx/CVE-2018-0802
Third Party Advisory
Exploit
https://github.com/zldww2011/CVE-2018-0802_POC
Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802
Patch
Vendor Advisory
https://research.checkpoint.com/another-office-equation-rce-vulnerability/
Exploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0802
US Government Resource