CVE-2018-0794 — Corporation Microsoft Word vulnerability

4 documents4 sources

Severity

8.8HIGHNVD

EPSS

36.4%

top 2.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Word Microsoft Office Microsoft Word

Timeline

PublishedJan 10

Latest updateMay 13

Description

Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/office2010, 2016+1

▶NVDmicrosoft/word4 versions+3

▶CVEListV5microsoft_corporation/microsoft_wordMicrosoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5jh9-9qf9-9mj6: Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulner↗2022-05-13

▶

CVEList

CVE-2018-0794: Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulner↗2018-01-10

▶

📋Vendor Advisories

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2018-01-09

▶