Vulnerability CVE-2018-0922


Published: 2018-03-14

Description:
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microsoft -> Office 
Microsoft -> Office compatibility pack 
Microsoft -> Office online server 
Microsoft -> Office web apps 
Microsoft -> Office word viewer 
Microsoft -> Sharepoint enterprise server 
Microsoft -> Sharepoint server 
Microsoft -> WORD 

 References:
http://www.securityfocus.com/bid/103314
http://www.securitytracker.com/id/1040511
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922

Copyright 2024, cxsecurity.com

 

Back to Top