CVE-2018-0851

HIGH

Microsoft Office 2007/2010/2013/2016 RCE via Memory Corruption

Title source: llm
STIX 2.1

Description

Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102870
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040381

Scores

CVSS v3 8.8
EPSS 0.1954
EPSS Percentile 97.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (6)
microsoft/office 2007
microsoft/office 2016 (2 CPE variants)
microsoft/office_word_viewer
microsoft/outlook 2010 sp2
microsoft/outlook 2013 sp1 (2 CPE variants)
microsoft/outlook 2016
Published Feb 15, 2018
Tracked Since Feb 18, 2026