CVE-2018-0950

Published: Apr 12, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.

Affected (8)

Products: Microsoft: Office, Office Compatibility Pack, Word

3 products

Office Compatibility Pack

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2010 sp2
Microsoft Office	Version 2016
Microsoft Office Compatibility Pack	All versions

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Word	Version 2007 sp3
Microsoft Word	Version 2010 sp2
Microsoft Word	Version 2013 sp1
Microsoft Word	Version 2013 sp1
Microsoft Word	Version 2016

References (6)

http://www.securityfocus.com/bid/103642

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040654

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/bid/103642

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040654

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.