Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
829
VMScore

CVE-2018-0798

Published: 10/01/2018 Updated: 24/08/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Office

Vulnerability Summary

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft office 2010

microsoft word 2013

microsoft word 2016

microsoft office 2016

microsoft office compatibility pack -

microsoft word 2007

microsoft office 2007

microsoft office 2013

microsoft word 2010

Github Repositories

https://github.com/chenxiang12/document-eqnobj-dataset

document-eqnobj-dataset This dataset is used to train CNN model to detect malicious document with formula editors exploits, such as CVE-2017-11882, CVE-2018-0802 and CVE-2018-0798 01-train_oleEqnB 4078 benign Equation Ole Objects comes from Internet and my lab 02-train_oleEqnM 1173 malicious Equation Ole Objects comes from 1798 malicious RTF files in Virustotal 03-test_oleEqn

https://github.com/Ant1n0/equaltion_editor_exploit

CVE-2017-11882 Study Student Name: Peiran Sun, Yufeng Ge Date:2022220 Intro: Today we are going to talk about a vulnerability that affects everyone who uses Microsoft office for almost two decades When you opened a Microsoft Office file, have you ever noticed this annoying warning? I always wonder, how can a file display only text and pictures, maybe sometimes video, harmin

Recent Articles

IT threat evolution Q2 2019. Statistics
Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Boris Larin Oleg Kupreev Evgeny Lopatin • 19 Aug 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, Q2 2019 will be remembered for several events. First, we uncovered a large-scale financial threat by the name of Riltok, which targeted clients of not only major Russian banks, but some foreign ones too. Second, we detected the new Trojan.AndroidOS.MobOk malware, tasked with stealing money from mobile accounts through explo...

Read more...

References

CWE-787https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798http://www.securitytracker.com/id/1040153http://www.securityfocus.com/bid/102370https://0patch.blogspot.com/2018/01/bringing-abandoned-equation-editor-back.htmlhttps://nvd.nist.govhttps://github.com/chenxiang12/document-eqnobj-datasethttps://securelist.com/it-threat-evolution-q2-2019-statistics/92053/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook