CVE-2018-0851

Published Feb 15, 2018

Last updated 4 years ago

CVSS high 8.8

Overview

Description: Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852.
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:office:2007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "828219FA-E694-46DA-93B0-BE2EC5BBF61E"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9A115C1-45EB-4688-AD7C-C1854850EE9B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7B6DF1E-0DDA-4809-B216-7CEFE0A53E2B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:rt:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC969065-3254-4AF1-86AD-9B2A37BEF8C2"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References