CVE-2018-0805
published 2018-01-10CVE-2018-0805: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code…
PriorityP258high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
24.40%
97.6th percentile
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft_corporation | equation_editor | — | — |
| msrc | microsoft_office_2007_service_pack_3 | — | — |
| msrc | microsoft_office_2010_service_pack_2 | — | — |
| msrc | microsoft_office_2013_service_pack_1 | — | — |
| msrc | microsoft_office_2016 | — | — |
| msrc | microsoft_office_2016_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_office_compatibility_pack_service_pack_3 | — | — |
| msrc | microsoft_word_2007_service_pack_3 | — | — |
| msrc | microsoft_word_2010_service_pack_2 | — | — |
| msrc | microsoft_word_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_word_2013_service_pack_1 | — | — |
| msrc | microsoft_word_2016 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is triggered when a user opens a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software; detection should focus on suspicious Office/WordPad document opens, particularly via email attachments or web downloads. ↗
- →The vulnerability resides in Equation Editor functionality; monitor for EQNEDT32.EXE process spawning child processes or exhibiting anomalous memory behavior. ↗
- →Attack vector includes email-delivered specially crafted files; alert on Office/WordPad documents received via email that launch Equation Editor. ↗
- →Web-based delivery is also a vector; monitor for Office/WordPad documents downloaded from the web that invoke Equation Editor. ↗
- ·CVE-2018-0805 is a distinct vulnerability from CVE-2018-0806, CVE-2018-0807, and CVE-2018-0849, all of which are also Equation Editor RCE bugs in Microsoft Office; ensure detections are not conflated across these CVEs. ↗
- ·Microsoft's fix removes Equation Editor entirely rather than patching it; patched systems will not have EQNEDT32.EXE present, so its presence post-patch is itself an indicator of an unpatched or tampered system. ↗
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qh64-jhmm-4m77: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-0806 [HIGH] GHSA-qh64-jhmm-4m77: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807.
GHSA
GHSA-rq89-r9ww-4626: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-0849 [HIGH] GHSA-rq89-r9ww-4626: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
GHSA
GHSA-7489-vfr5-j8c4: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-0848 [HIGH] GHSA-7489-vfr5-j8c4: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
GHSA
GHSA-95p4-2qjj-gcpw: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-0804 [HIGH] GHSA-95p4-2qjj-gcpw: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
GHSA
GHSA-6h2g-8w88-2vhg: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-0807 [HIGH] GHSA-6h2g-8w88-2vhg: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806.
GHSA
GHSA-46h4-jx96-qcqj: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-0845 [HIGH] GHSA-46h4-jx96-qcqj: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
GHSA
GHSA-4846-8x25-45mr: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-0805 [HIGH] GHSA-4846-8x25-45mr: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807
GHSA
GHSA-ww3g-3qff-hv6g: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2018-0862 [HIGH] GHSA-ww3g-3qff-hv6g: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
Microsoft
Microsoft Office Memory Corruption Vulnerability
vendor_msrc·2018-01-09·CVSS 8.8
CVE-2018-0805 [HIGH] Microsoft Office Memory Corruption Vulnerability
Microsoft Office Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file with
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - January 2018
blogs_talos·2018-01-09·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2018
## Microsoft Patch Tuesday - January 2018
Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated Moderate. These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more.
In addition to the 56 vulnerabilities addressed, Microsoft has also released an update that addresses Meltdown and Spectre. Mitigations for these two vulnerabilities were published for Windows in ADV180002 . Note that due to incompatibilities with anti-virus products, users and organizations may not have received this update yet. For more information, users shoul
Talos
Microsoft Patch Tuesday - January 2018
blogs_talos·2018-01-09·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2018
Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated Moderate. These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more.
In addition to the 56 vulnerabilities addressed, Microsoft has also released an update that addresses Meltdown and Spectre. Mitigations for these two vulnerabilities were published for Windows in ADV180002. Note that due to incompatibilities with anti-virus products, users and organizations may not have received this update yet. For more information, users should refer to Microsoft's knowledge base articl
Bugzilla
CVE-2017-15804 glibc: Buffer overflow during unescaping of user names with the ~ operator
bugzilla·2017-10-23·CVSS 9.8
CVE-2017-15804 [CRITICAL] CVE-2017-15804 glibc: Buffer overflow during unescaping of user names with the ~ operator
CVE-2017-15804 glibc: Buffer overflow during unescaping of user names with the ~ operator
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
Upstream issue:
https://sourceware.org/bugzilla/show_bug.cgi?id=22332
Upstream patch:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:0805 https://access.redhat.com/errata/RHSA-2018:0805
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2018:1879 https://access.redhat.com/errata/RHSA-2018:1879
Bugzilla
CVE-2017-15670 glibc: Buffer overflow in glob with GLOB_TILDE
bugzilla·2017-10-20·CVSS 9.8
CVE-2017-15670 [CRITICAL] CVE-2017-15670 glibc: Buffer overflow in glob with GLOB_TILDE
CVE-2017-15670 glibc: Buffer overflow in glob with GLOB_TILDE
A buffer overflow vulnerability caused by an off-by-one error was found in glibc. It is possible that an attacker might use this to escalate his privileges or execute code.
Upstream patch:
http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f
Upstream issue:
https://sourceware.org/bugzilla/show_bug.cgi?id=22320
Discussion:
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 1504807]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:0805 https://access.redhat.com/errata/RHSA-2018:0805
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2018:1879 https://access.
Bugzilla
CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type
bugzilla·2015-08-03·CVSS 7.5
CVE-2015-5180 [HIGH] CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type
CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type
It was discovered that the glibc DNS resolver dereferenced a NULL pointer
when processing a specific, but valid resource record type.
Acknowledgements:
Name: Florian Weimer (Red Hat Product Security)
Discussion:
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 1251403]
---
Upstream bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=18784
Upstream patch:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:0805 https://access.redhat.com/errata/RHSA-2018:0805
http://www.securityfocus.com/bid/102459http://www.securitytracker.com/id/1040153https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805http://www.securityfocus.com/bid/102459http://www.securitytracker.com/id/1040153https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805
2018-01-10
Published