CVE-2018-0802
Microsoft Office Memory Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
YesDecision
Descriptions
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
Equation Editor en Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013 y Microsoft Office 2016 permite una vulnerabilidad de ejecución remota de código debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como "Microsoft Office Memory Corruption Vulnerability". Este CVE es diferente de CVE-2018-0797 y CVE-2018-0812.
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-01 CVE Reserved
- 2018-01-10 CVE Published
- 2018-02-28 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-09-16 CVE Updated
- 2024-09-22 EPSS Updated
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/102347 | Third Party Advisory | |
http://www.securitytracker.com/id/1040153 | Third Party Advisory | |
https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html | Third Party Advisory | |
https://research.checkpoint.com/another-office-equation-rce-vulnerability | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://github.com/rxwx/CVE-2018-0802 | 2024-09-16 | |
https://github.com/roninAPT/CVE-2018-0802 | 2018-02-28 | |
https://github.com/zldww2011/CVE-2018-0802_POC | 2024-09-16 |
URL | Date | SRC |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802 | 2020-08-24 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2007 Search vendor "Microsoft" for product "Office" and version "2007" | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2010 Search vendor "Microsoft" for product "Office" and version "2010" | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2013 Search vendor "Microsoft" for product "Office" and version "2013" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2016 Search vendor "Microsoft" for product "Office" and version "2016" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2016 Search vendor "Microsoft" for product "Office" and version "2016" | click-to-run |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Office Compatibility Pack Search vendor "Microsoft" for product "Office Compatibility Pack" | - | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2007 Search vendor "Microsoft" for product "Word" and version "2007" | sp3 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2010 Search vendor "Microsoft" for product "Word" and version "2010" | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2013 Search vendor "Microsoft" for product "Word" and version "2013" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2013 Search vendor "Microsoft" for product "Word" and version "2013" | sp1, rt |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Word Search vendor "Microsoft" for product "Word" | 2016 Search vendor "Microsoft" for product "Word" and version "2016" | - |
Affected
|