First published: Wed Jan 10 2018(Updated: )
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office | =2010-sp2 | |
Microsoft Office | =2016 | |
Microsoft Office Compatibility Pack | =sp3 | |
Microsoft Office Online Server | =2016 | |
Microsoft Office Web Apps | =2010 | |
Microsoft Office Web Apps | =2010-sp2 | |
Microsoft Office Web Apps Server | =2013-sp1 | |
Microsoft SharePoint Enterprise Server | =2013-sp1 | |
Microsoft SharePoint Enterprise Server | =2016 | |
Microsoft SharePoint Server | =2010-sp2 | |
Microsoft Word | =2007-sp3 | |
Microsoft Word | =2010-sp2 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2016 | |
Microsoft Word Viewer |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0797 is a remote code execution vulnerability in Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016.
CVE-2018-0797 has a severity score of 7.8, which is considered critical.
CVE-2018-0797 affects Microsoft Office 2010 SP2, Microsoft Office 2016, and other related software versions.
CVE-2018-0797 allows remote code execution, which could lead to an attacker taking control of the affected system.
Yes, Microsoft has released security updates to address CVE-2018-0797. It is recommended to apply the latest patches.