Home

CVE-2018-0853

Description

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka Microsoft Office Information Disclosure Vulnerability.

Risk Information

Base Score
3.3
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
13.146

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2010 (KB3114874) 32-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2010 (KB3114874) 64-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2013 (KB3172459) 32-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2013 (KB3172459) 64-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2016 (KB4011143) 32-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2016 (KB4011143) 64-Bit EditionWindows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-23891Security Update for Microsoft Office 2010 (KB3114874) 32-Bit Edition
PATCH-23892Security Update for Microsoft Office 2010 (KB3114874) 64-Bit Edition
PATCH-23893Security Update for Microsoft Office 2013 (KB3172459) 32-Bit Edition
PATCH-23894Security Update for Microsoft Office 2013 (KB3172459) 64-Bit Edition
PATCH-23898Security Update for Microsoft Office 2016 (KB4011143) 32-Bit Edition
PATCH-23899Security Update for Microsoft Office 2016 (KB4011143) 64-Bit Edition

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234