First published: Thu Apr 12 2018(Updated: )
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Office | =2010-sp2 | |
Microsoft Office | =2016 | |
Microsoft Office Compatibility Pack | =sp3 | |
Microsoft Word | =2007-sp3 | |
Microsoft Word | =2010-sp2 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2013-sp1 | |
Microsoft Word | =2016 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0950 is an information disclosure vulnerability in Microsoft Office when rendering Rich Text Format (RTF) email messages containing OLE objects.
CVE-2018-0950 affects Microsoft Word and Microsoft Office as it allows for information disclosure when opening or previewing RTF email messages containing OLE objects.
CVE-2018-0950 has a severity level of medium with a CVSS score of 6.5.
Yes, Microsoft has released security updates to address CVE-2018-0950. It is recommended to install the latest updates for Microsoft Office and Microsoft Word.
You can find more information about CVE-2018-0950 on the Microsoft Security Guidance Advisory page and the SecurityFocus and Security Tracker websites.