First published: Tue Jan 09 2018(Updated: )
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office | =2010-sp2 | |
Microsoft Office | =2016 | |
Microsoft Office | =2016 | |
Microsoft Office Compatibility Pack | =sp3 | |
Microsoft Word | =2007-sp3 | |
Microsoft Word | =2010-sp2 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2016 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0794 is a remote code execution vulnerability in Microsoft Word in various versions of Microsoft Office.
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 are affected.
The severity of CVE-2018-0794 is critical with a CVSS score of 8.8.
CVE-2018-0794 allows remote code execution due to the way objects are handled in memory in Microsoft Word.
Microsoft has provided security guidance and patches for CVE-2018-0794. Update your Microsoft Office installations to the latest version or apply the provided patches.