Lucene search

MicrosoftCVE-2018-0922

HistoryMar 14, 2018 - 5:29 p.m.

CVE-2018-0922

2018-03-1417:29:02

CWE-787

microsoft

web.nvd.nist.gov

microsoft

office

remote code execution

vulnerability

memory corruption

cve-2018-0922

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.083

Percentile

94.4%

JSON

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”.

Affected configurations

Nvd

Vulners

Node

microsoftofficeMatch2010sp2

microsoftofficeMatch2013sp1

microsoftofficeMatch2016

microsoftofficeMatch2016mac

microsoftofficeMatch2016click-to-run

microsoftoffice_compatibility_packMatch-sp2

microsoftoffice_online_serverMatch2016

microsoftoffice_web_appsMatch2010sp2

microsoftoffice_web_appsMatch2013sp1

microsoftoffice_word_viewerMatch-

microsoftsharepoint_enterprise_serverMatch2013sp1

microsoftsharepoint_enterprise_serverMatch2016

microsoftsharepoint_serverMatch2010sp2

microsoftwordMatch2007sp3

microsoftwordMatch2010sp2

microsoftwordMatch2013

microsoftwordMatch2016

VendorProductVersionCPE
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
microsoftoffice2016cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
microsoftoffice2016cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac:*:*
microsoftoffice2016cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*
microsoftoffice_compatibility_pack-cpe:2.3:a:microsoft:office_compatibility_pack:-:sp2:*:*:*:*:*:*
microsoftoffice_online_server2016cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*
microsoftoffice_web_apps2010cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
microsoftoffice_web_apps2013cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*
microsoftoffice_word_viewer-cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2::::::
microsoft	office	2013	cpe:2.3:a:microsoft:office:2013:sp1::::::
microsoft	office	2016	cpe:2.3:a:microsoft:office:2016:::::::*
microsoft	office	2016	cpe:2.3:a:microsoft:office:2016:::::mac::
microsoft	office	2016	cpe:2.3:a:microsoft:office:2016::::click-to-run:::
microsoft	office_compatibility_pack	-	cpe:2.3:a:microsoft:office_compatibility_pack:-:sp2::::::
microsoft	office_online_server	2016	cpe:2.3:a:microsoft:office_online_server:2016:::::::*
microsoft	office_web_apps	2010	cpe:2.3:a:microsoft:office_web_apps:2010:sp2::::::
microsoft	office_web_apps	2013	cpe:2.3:a:microsoft:office_web_apps:2013:sp1::::::
microsoft	office_word_viewer	-	cpe:2.3:a:microsoft:office_word_viewer:-:::::::*

Rows per page:

1-10 of 171

CNA Affected

[
  {
    "product": "Microsoft Office",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016"
      }
    ]
  }
]