Bird_banner_small4
Microsoft Office EQNEDT32 CVE-2018-0802 MATRIX Stack Buffer Overflow
TSL ID TSL20180109-02
CVE ID(s) CVE-2018-0802
Severity High
Description

A stack buffer overflow vulnerability has been reported in Microsoft Office. This vulnerability is due to incorrect handling of embedded Equation Editor OLE objects in Office documents.

A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted file. Successful exploitation could lead to arbitrary code execution under the context of the currently logged on user.

The vendor, Microsoft, has released the following advisory regarding this vulnerability:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0802

Affected Products
  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 2
  • Microsoft Office 2010 Service Pack 2 (64-bit)
  • Microsoft Office 2013 Service Pack 1
  • Microsoft Office 2013 Service Pack 1 (64-bit)
  • Microsoft Office 2016
  • Microsoft Office 2016 (64-bit)
CVSS Score Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.0 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0802
https://research.checkpoint.com/another-office-equation-rce-vulnerability/
Related Threats