Home

CVE-2018-0805

Description

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka Microsoft Word Remote Code Execution Vulnerability. This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
36.403

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Memory Corruption Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB4011607)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2013 (KB4011651) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2013 (KB4011651) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2007 suites (KB4011656)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2016 (KB4011574) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2016 (KB4011574) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2010 (KB4011610) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2010 (KB4011610) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2016 (KB4011643) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2016 (KB4011643) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office Word 2007 (KB4011657)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2010 (KB4011659) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Word 2010 (KB4011659) 32-Bit EditionWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-23766Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011607)
PATCH-23744Security Update for Microsoft Word 2013 (KB4011651) 64-Bit Edition
PATCH-23743Security Update for Microsoft Word 2013 (KB4011651) 32-Bit Edition
PATCH-23721Security Update for Microsoft Office 2007 suites (KB4011656)
PATCH-23765Security Update for Microsoft Office 2016 (KB4011574) 64-Bit Edition
PATCH-23764Security Update for Microsoft Office 2016 (KB4011574) 32-Bit Edition
PATCH-23737Security Update for Microsoft Office 2010 (KB4011610) 64-Bit Edition
PATCH-23736Security Update for Microsoft Office 2010 (KB4011610) 32-Bit Edition
PATCH-23718Security Update for Microsoft Office Word 2007 (KB4011657)
PATCH-23730Security Update for Microsoft Word 2010 (KB4011659) 32-Bit Edition

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234