CVE-2018-0798

HIGH KEV

Microsoft Office Equation Editor - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-0798 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 1 public exploit from researchers including Sunqiz.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2018-0798, a stack-based buffer overflow vulnerability in Microsoft Office's EQNEDT32.EXE component. It includes root cause analysis, dynamic debugging insights, and a breakdown of the exploit mechanism, demonstrating how controlled input leads to arbitrary code execution.

Description

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".

Exploits (1)

nomisec WRITEUP
by Sunqiz · poc
https://github.com/Sunqiz/CVE-2018-0798-reproduction

This repository provides a detailed technical analysis of CVE-2018-0798, a stack-based buffer overflow vulnerability in Microsoft Office's EQNEDT32.EXE component. It includes root cause analysis, dynamic debugging insights, and a breakdown of the exploit mechanism, demonstrating how controlled input leads to arbitrary code execution.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Office (2007, 2010, 2013, 2016)
No auth needed
Prerequisites: Victim opens a malicious RTF file · Microsoft Office installed on target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102370
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040153

Scores

CVSS v3 8.8
EPSS 0.9406
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2018-11-29
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2018-1604
CWE
CWE-787
Status published
Products (9)
microsoft/office 2007 sp3
microsoft/office 2010 sp2
microsoft/office 2013 sp1
microsoft/office 2016 (2 CPE variants)
microsoft/office_compatibility_pack
microsoft/word 2007 sp3
microsoft/word 2010 sp2
microsoft/word 2013 sp1 (2 CPE variants)
microsoft/word 2016
Published Jan 10, 2018
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026