⚠️ CISA Known Exploited Vulnerability
Active ThreatThis vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.
CVE-2018-0798
High CISA KEVVulnerability Description
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Known Affected Software
9 configuration(s) from 1 vendor(s)
cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:x86:*
cpe:2.3:a:microsoft:office:2013:sp2:*:*:*:*:x86:*
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:x86:*
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:x86:*
cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*
References & Resources
-
http://www.securityfocus.com/bid/102370secure@microsoft.com Broken Link Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1040153secure@microsoft.com Broken Link Third Party Advisory VDB Entry
-
https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.htmlsecure@microsoft.com Third Party Advisory
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798secure@microsoft.com Patch Vendor Advisory
-
http://www.securityfocus.com/bid/102370af854a3a-2127-422b-91ae-364da2661108 Broken Link Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1040153af854a3a-2127-422b-91ae-364da2661108 Broken Link Third Party Advisory VDB Entry
-
https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798af854a3a-2127-422b-91ae-364da2661108 Patch Vendor Advisory
-
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0798134c704f-9b21-4f2e-91b3-4a467353bcc0 US Government Resource
Severity Details
CISA KEV Status
Listed in CISA's Known Exploited Vulnerabilities catalog
Key Information
- Published Date
- January 10, 2018
