CVE-2018-0852

Description

Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka Microsoft Office Memory Corruption Vulnerability. This CVE is unique from CVE-2018-0851.

Risk Information

Base Score

8.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

30.543

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Outlook Elevation of Privilege Vulnerability for Microsoft Outlook 2016 (KB4011682) 32-Bit Edition	Windows
Microsoft Outlook Elevation of Privilege Vulnerability for Microsoft Outlook 2016 (KB4011682) 64-Bit Edition	Windows
Microsoft Outlook Elevation of Privilege Vulnerability for Microsoft Outlook 2013 (KB4011697) 32-Bit Edition	Windows
Microsoft Outlook Elevation of Privilege Vulnerability for Microsoft Outlook 2013 (KB4011697) 64-Bit Edition	Windows
Microsoft Outlook Elevation of Privilege Vulnerability for Microsoft Outlook 2010 (KB4011711) 32-Bit Edition	Windows
Microsoft Outlook Elevation of Privilege Vulnerability for Microsoft Outlook 2010 (KB4011711) 64-Bit Edition	Windows
Microsoft Outlook Elevation of Privilege Vulnerability for Microsoft Office Outlook 2007 (KB4011200)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-23902	Security Update for Microsoft Outlook 2016 (KB4011682) 32-Bit Edition
PATCH-23903	Security Update for Microsoft Outlook 2016 (KB4011682) 64-Bit Edition
PATCH-23904	Security Update for Microsoft Outlook 2013 (KB4011697) 32-Bit Edition
PATCH-23905	Security Update for Microsoft Outlook 2013 (KB4011697) 64-Bit Edition
PATCH-23927	Security Update for Microsoft Outlook 2010 (KB4011711) 32-Bit Edition
PATCH-23928	Security Update for Microsoft Outlook 2010 (KB4011711) 64-Bit Edition
PATCH-23931	Security Update for Microsoft Office Outlook 2007 (KB4011200)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234