← Back

CVE-2018-0798

nvd nist
Published: Jan 10, 2018Modified: Oct 28, 2025CISA KEV

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".

Affected (11)

Microsoft
3 products
Office
Office Compatibility Pack
Word
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Office
Version 2007 sp3
Office
Version 2010 sp2
Office
Version 2013 sp1
Office
Version 2016
Office
Version 2016
Office Compatibility Pack
All versions
Microsoft
Word
Version 2007 sp3
Word
Version 2010 sp2
Word
Version 2013 sp1
Word
Version 2013 sp1
Word
Version 2016

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (9)

Source: secure@microsoft.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party Advisory
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.