CVE-2018-0798
CVE-2018-0798
In short
A flaw in Microsoft Office's Equation Editor allows attackers to run malicious code on your computer when you open a specially crafted Office document. This happens because the software doesn't properly manage memory when handling certain objects.
Technical detail
Memory corruption vulnerability in Equation Editor component across Office 2007-2016 exploited via crafted OLE objects in Office documents. Attack vector is network-based through document opening; requires user interaction to trigger object instantiation. Successful exploitation results in arbitrary code execution with user privileges.
Summary generated and translated by AI from the official description.
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft Corporation · Equation Editorpublic PoCs found — 1
githubgithub.com/Sunqiz/CVE-2018-0798-reproduction★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0798http://www.securityfocus.com/bid/102370http://www.securitytracker.com/id/1040153