CVE-2018-0798

EUVD-2018-1604
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
microsoftoffice_compatibility_pack
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102370
http://www.securitytracker.com/id/1040153
https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798
http://www.securityfocus.com/bid/102370
http://www.securitytracker.com/id/1040153
https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0798