CVE-2018-0853

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102868
http://www.securitytracker.com/id/1040381
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0853
http://www.securityfocus.com/bid/102868
http://www.securitytracker.com/id/1040381
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0853