Microsoft Office CVE-2018-0802 Memory Corruption Vulnerability



Microsoft Office is prone to a memory-corruption vulnerability.

An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.

Information

Bugtraq ID: 102347
Class: Design Error
CVE: CVE-2018-0802

Remote: Yes
Local: No
Published: Jan 09 2018 12:00AM
Updated: Feb 12 2019 11:00PM
Credit: Liang Yin of Tencent PC Manager, Zhiyuan Zheng, Yuki Chen of Qihoo 360 Vulcan Team, Yang Kang, Ding Maoyin and Song Shenlei of Qihoo 360 Core Security, Luka Treiber of 0patch Team - ACROS Security, zhouat of Qihoo 360 Vulcan Team, bee13oy of Qihoo 360 Vul
Vulnerable: Microsoft Word 2016 (64-bit edition) 0
Microsoft Word 2016 (32-bit edition) 0
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 RT Service Pack 1 0
Microsoft Word 2010 Service Pack 2 (64-bit editions) 0
Microsoft Word 2010 Service Pack 2 (32-bit editions) 0
Microsoft Word 2007 SP3
Microsoft Office Compatibility Pack Service Pack 3 0
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition 0
- Microsoft Windows NT 4.0
 Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition 0
- Microsoft Windows NT 4.0
 Microsoft Office 2016 (64-bit edition) 0
Microsoft Office 2016 (32-bit edition) 0
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions) 0
Microsoft Office 2010 Service Pack 2 (32-bit editions) 0
Microsoft Office 2007 SP3


Not Vulnerable:

Exploit


This vulnerability is being exploited as part of cyber espionage campaigns identified in Symantec MATI reports SYMC - 300734 and SYMC - 300824.


Source: www.securityfocus.com
Related Posts