CVE-2018-0805 — Corporation Equation Editor vulnerability

7 documents5 sources

Severity

8.8HIGHNVD

EPSS

36.4%

top 2.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Equation Editor Microsoft Office Microsoft Word

Timeline

PublishedJan 10

Latest updateMay 13

Description

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/office4 versions+3

▶CVEListV5microsoft_corporation/equation_editorMicrosoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016

▶NVDmicrosoft/word4 versions+3

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-4846-8x25-45mr: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo↗2022-05-13

▶

CVEList

CVE-2018-0805: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remo↗2018-01-10

▶

📋Vendor Advisories

Microsoft

Microsoft Office Memory Corruption Vulnerability↗2018-01-09

▶

💬Community

Bugzilla

CVE-2017-15804 glibc: Buffer overflow during unescaping of user names with the ~ operator↗2017-10-23

▶

Bugzilla

CVE-2017-15670 glibc: Buffer overflow in glob with GLOB_TILDE↗2017-10-20

▶

Bugzilla

CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type↗2015-08-03

▶