Published: 10/01/2018 Updated: 16/03/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftOffice2007, 2010, 2013, 2016
MicrosoftOffice Compatibility Pack-
MicrosoftWord2007, 2010, 2013, 2016

Github Repositories

APT & CyberCriminal Campaign Collection This is a collection of APT and CyberCriminal campaigns Please fire issue to me if any lost APT/Malware events/campaigns 🤷The password of malware samples could be 'virus' or 'infected' URL to PDF Tool Print Friendly & PDF Reference Resources kbandla APTnotes Florian Roth - APT Groups Attack Wiki

TODO: Fix -p flag -c flag is deprecated CVE Watcher queries the National Vulnerability Database (NVD) for CVEs related to specific vendor and/or product Example(s): python CVEWatcherpy -v Microsoft -s 0 -S 2015 -e 0 -E 2015 python CVEWatcherpy -v Adobe -s 0 -S 2015 -e 0 -E 2015 python CVEWatcherpy -v Google -p chrome -s 4 -S 2014 -e 11 -E 2014 Example Output: Microsoft,78,H

office-exploit-case-study Collection of office exploit used in the real world recent years with samples and writeup,please study them in virtual machineTake responsibility yourself if you use them for illegal purposesSamples should match hash in corresponding writeup if mentioned If you are looking for more poc(reported by researchers and never used in the real world),you ca

Recent Articles

IT threat evolution Q2 2019. Statistics
Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Boris Larin Oleg Kupreev Evgeny Lopatin • 19 Aug 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
According to Kaspersky Security Network,
Q2 2019 will be remembered for several events.
First, we uncovered a large-scale financial threat by the name of Riltok, which targeted clients of not only major Russian banks, but some foreign ones too.
Second, we detected the new Trojan.AndroidOS.MobOk malware, tasked with stealing money from mobil...