Home

CVE-2018-0797

Description

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka Microsoft Word Memory Corruption Vulnerability.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
33.961

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Memory Corruption Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB4011607)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2013 (KB4011651) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2013 (KB4011651) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2016 (KB4011643) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2016 (KB4011643) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office Word 2007 (KB4011657)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2010 (KB4011659) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2010 (KB4011659) 32-Bit EditionWindows
Microsoft SharePoint Elevation of Privilege Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB4011642)Windows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2010 (KB4011658) 64-Bit EditionWindows
Microsoft Office Remote Code Execution Vulnerability for Microsoft Office 2010 (KB4011658) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB4011579)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office Web Apps Server 2013 (KB4011648)Windows
Microsoft Office Memory Corruption Vulnerability for Word Viewer (KB4011641)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Web Applications (KB4011615)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft SharePoint Server 2010 (KB4011609)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-23766Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011607)
PATCH-23744Security Update for Microsoft Word 2013 (KB4011651) 64-Bit Edition
PATCH-23743Security Update for Microsoft Word 2013 (KB4011651) 32-Bit Edition
PATCH-23718Security Update for Microsoft Office Word 2007 (KB4011657)
PATCH-23730Security Update for Microsoft Word 2010 (KB4011659) 32-Bit Edition
PATCH-23754Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4011642)
PATCH-23729Security Update for Microsoft Office 2010 (KB4011658) 64-Bit Edition
PATCH-23728Security Update for Microsoft Office 2010 (KB4011658) 32-Bit Edition
PATCH-23748Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4011579)
PATCH-23767Security Update for Word Viewer (KB4011641)
PATCH-23734Security Update for Microsoft Web Applications (KB4011615)
PATCH-23735Security Update for Microsoft SharePoint Server 2010 (KB4011609)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234