CVE-2018-0853
published 2018-02-15
CVE-2018-0853: Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information…
Priority P4 · 16 · low · 3.3 · CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS
12.04%
95.6th percentile
Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft_corporation | microsoft_office | — | — |
| msrc | microsoft_office_2010_service_pack_2 | — | — |
| msrc | microsoft_office_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_office_2013_service_pack_1 | — | — |
| msrc | microsoft_office_2016 | — | — |
| msrc | microsoft_office_2016_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_64-bit_editions | — | — |
CVSS provenance
nvd · v3.0 · 3.3 · LOW · CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc · 3.3 · HIGH
GHSA
GHSA-p7x9-2gr9-qm7x: Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an informat
ghsa_unreviewed·2022-05-13
CVE-2018-0853 [MEDIUM] CWE-665 GHSA-p7x9-2gr9-qm7x: Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an informat
Microsoft
Microsoft Office Information Disclosure Vulnerability
vendor_msrc·2018-02-13·CVSS 3.3
CVE-2018-0853 [LOW] Microsoft Office Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.
The security update addresses the vulnerability by properly initializing the affected variable.
FAQ: I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update?
When updates addre
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - February 2018
blogs_talos·2018-02-13·CVSS 3.1
[LOW] Microsoft Patch Tuesday - February 2018
Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 54 new vulnerabilities with 14 of them rated critical, 38 of them rated important, and 2 of them rated Moderate. These vulnerabilities impact Outlook, Edge, Scripting Engine, App Container, Windows, and more.
## Critical Vulnerabilities
This month, Microsoft is addressing 14 vulnerabilities that are rated "critical." Talos believes one of these is notable and requires prompt attention, detailed below.
CVE-2018-0852 - Microsoft Outlook Memory Corruption Vulnerability
A remote code execution vulnerability has been identified in Microsoft Outlook when the software
http://www.securityfocus.com/bid/102868
http://www.securitytracker.com/id/1040381
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0853
Published: 2018-02-15