CVE-2018-1026

HIGH

Microsoft Office - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1026. PoCs published by ymgh96.

AI-analyzed exploit summary This repository contains a scanner for detecting the presence of CVE-2018-1026 vulnerability in Microsoft Office installations. It checks for vulnerable versions and patches by querying installed applications and updates via WMIC.

Description

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030.

Exploits (1)

nomisec SCANNER
by ymgh96 · poc
https://github.com/ymgh96/Detecting-the-CVE-2018-1026-and-its-patch

This repository contains a scanner for detecting the presence of CVE-2018-1026 vulnerability in Microsoft Office installations. It checks for vulnerable versions and patches by querying installed applications and updates via WMIC.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Office 2016 Click-to-Run
No auth needed
Prerequisites: Access to a Windows system with Microsoft Office installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103613
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040654

Scores

CVSS v3 8.8
EPSS 0.4132
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
microsoft/office 2013 sp1
microsoft/office 2016 (2 CPE variants)
Published Apr 12, 2018
Tracked Since Feb 18, 2026