CVE-2018-0802
CVE-2018-0802
In short
Microsoft Office's Equation Editor has a flaw that allows hackers to run malicious code on your computer when you open a specially crafted document. This happens because the software doesn't properly manage memory, letting attackers take control of your system.
Technical detail
A memory corruption vulnerability in Equation Editor (EQNEDT32.EXE) across Office 2007-2016 allows arbitrary code execution via malformed OLE objects embedded in Office documents. The attack requires user interaction (opening a malicious document) and results in execution with the privileges of the affected user.
Summary generated and translated by AI from the official description.
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft Corporation · Equation Editorpublic PoCs found — 6
githubgithub.com/rxwx/CVE-2018-0802★ 270githubgithub.com/Ridter/RTF_11882_0802★ 166githubgithub.com/zldww2011/CVE-2018-0802_POC★ 68githubgithub.com/likekabin/CVE-2018-0802_CVE-2017-11882★ 11githubgithub.com/Abdibimantara/Maldoc-Analysis★ 1githubgithub.com/roninAPT/CVE-2018-0802★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.htmlhttps://github.com/rxwx/CVE-2018-0802https://github.com/zldww2011/CVE-2018-0802_POChttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802https://research.checkpoint.com/another-office-equation-rce-vulnerability/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0802http://www.securityfocus.com/bid/102347http://www.securitytracker.com/id/1040153