CVE-2018-0922

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.8HIGH

EPSS

32.5%

top 3.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Office Microsoft Office Online Server +4 more

Timeline

PublishedMar 14

Latest updateMay 13

Description

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶NVDmicrosoft/office_online_server2016

▶NVDmicrosoft/office_web_apps2010, 2013+1

▶NVDmicrosoft/office2010, 2013, 2016+2

▶CVEListV5microsoft_corporation/microsoft_officeMicrosoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016

▶NVDmicrosoft/sharepoint_enterprise_server2013, 2016+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-6v4p-rx2q-99q9: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack S↗2022-05-13

▶

CVEList

CVE-2018-0922: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack S↗2018-03-14

▶

📋Vendor Advisories

Microsoft

Microsoft Office Memory Corruption Vulnerability↗2018-03-13

▶

External resources

NVD MITRE

Affected products7

Microsoft Corporation Microsoft OfficevMicrosoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016

Microsoft Officev2010v2013v2016

Microsoft Office Online Serverv2016

Microsoft Office WEB Appsv2010v2013

Microsoft Sharepoint Enterprise Serverv2013v2016

Microsoft Sharepoint Serverv2010

Microsoft Wordv2007v2010v2013+1 more

Disclosure

PublishedMar 14, 2018

Latest updateMay 13, 2022