First published: Mon Jan 22 2018(Updated: )
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office | =2007-sp3 | |
Microsoft Office | =2010-sp2 | |
Microsoft Office | =2013-sp1 | |
Microsoft Office | =2016 | |
Microsoft Office | =2016 | |
Microsoft Office Compatibility Pack | =sp3 | |
Microsoft Word | =2007-sp3 | |
Microsoft Word | =2010-sp2 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2016 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0845 is a remote code execution vulnerability in Equation Editor in various versions of Microsoft Office.
Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 are affected by CVE-2018-0845.
CVE-2018-0845 has a severity rating of 7.8, which is considered critical.
CVE-2018-0845 exploits a vulnerability in the way objects are handled in memory in Equation Editor, allowing for remote code execution.
Yes, you can find official references for CVE-2018-0845 at http://www.securityfocus.com/bid/102746 and https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0845.