CVE-2018-0802 – Microsoft Office Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2018-0802
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812. Equation Editor en Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". Este CVE es diferente de CVE-2018-0797 y CVE-2018-0812. • https://github.com/rxwx/CVE-2018-0802 https://github.com/roninAPT/CVE-2018-0802 http://www.securityfocus.com/bid/102347 http://www.securitytracker.com/id/1040153 https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html https://github.com/zldww2011/CVE-2018-0802_POC https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802 https://research.checkpoint.com/another-office-equation-rce-vulnerability • CWE-787: Out-of-bounds Write •
CVE-2018-0812
https://notcve.org/view.php?id=CVE-2018-0812
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability". Equation Editor en Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como "Microsoft Word Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/102463 http://www.securitytracker.com/id/1040153 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812 • CWE-787: Out-of-bounds Write •
CVE-2018-0798 – Microsoft Office Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2018-0798
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". Equation Editor en Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. • https://github.com/Sunqiz/CVE-2018-0798-reproduction http://www.securityfocus.com/bid/102370 http://www.securitytracker.com/id/1040153 https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798 • CWE-787: Out-of-bounds Write •
CVE-2018-0797
https://notcve.org/view.php?id=CVE-2018-0797
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability". Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permiten una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestiona el contenido RTF. Esto también se conoce como "Microsoft Word Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/102406 http://www.securitytracker.com/id/1040153 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797 • CWE-787: Out-of-bounds Write •
CVE-2017-11854
https://notcve.org/view.php?id=CVE-2017-11854
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability". Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2 y Microsoft Office Compatibility Pack Service Pack 3 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual al no gestionar correctamente los objetos en la memoria. Esta vulnerabilidad también se conoce como "Microsoft Word Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/101746 http://www.securitytracker.com/id/1039795 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •