First published: Tue Jan 09 2018(Updated: )
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office | =2007-sp3 | |
Microsoft Office | =2010-sp2 | |
Microsoft Office | =2013-sp1 | |
Microsoft Office | =2016 | |
Microsoft Office | =2016 | |
Microsoft Office Compatibility Pack | =sp3 | |
Microsoft Word | =2007-sp3 | |
Microsoft Word | =2010-sp2 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2016 | |
Microsoft Office | ||
Microsoft Office | =2013-sp1 | |
Microsoft Word | =2013-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0802 refers to the Microsoft Office Memory Corruption Vulnerability, which allows for remote code execution.
Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 are affected.
The severity of CVE-2018-0802 is rated as critical with a CVSS score of 7.8.
CVE-2018-0802 can be exploited by manipulating objects in memory, allowing for remote code execution.
Yes, Microsoft has released security updates to address the vulnerability. Users should ensure their Microsoft Office installations are up-to-date.