Home

CVE-2018-0851

Description

Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka Microsoft Office Memory Corruption Vulnerability. This CVE is unique from CVE-2018-0852.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
30.543

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2007 suites (KB4011715)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2010 (KB4011707) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2010 (KB4011707) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2013 (KB4011690) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2016 (KB4011686) 32-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2016 (KB4011686) 64-Bit EditionWindows
Microsoft Office Memory Corruption Vulnerability for Word Viewer (KB4011703)Windows
Microsoft Office Memory Corruption Vulnerability for Microsoft Office 2013 (KB4011690) 32-Bit EditionWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-23895Security Update for Microsoft Office 2013 (KB4011690) 64-Bit Edition
PATCH-23896Security Update for Microsoft Office 2016 (KB4011686) 32-Bit Edition
PATCH-23897Security Update for Microsoft Office 2016 (KB4011686) 64-Bit Edition
PATCH-23900Security Update for Word Viewer (KB4011703)
PATCH-23901Security Update for Microsoft Office 2013 (KB4011690) 32-Bit Edition

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234