⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-0796Corporation Microsoft Excel vulnerability

4 documents4 sources
Severity
8.8HIGHNVD
EPSS
36.4%
top 2.88%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Microsoft Corporation Microsoft ExcelMicrosoft ExcelMicrosoft Office
Timeline
PublishedJan 10
Latest updateMay 13

Description

Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDmicrosoft/excel4 versions+3
CVEListV5microsoft_corporation/microsoft_excelMicrosoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-cmgx-c9h5-p4p3: Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulne2022-05-13
CVEList
CVE-2018-0796: Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulne2018-01-10

📋Vendor Advisories

1
Microsoft
Microsoft Excel Remote Code Execution Vulnerability2018-01-09
CVE-2018-0796 — HIGH severity | cvebase