Published: 15/02/2018 Updated: 24/08/2020

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft outlook 2013
microsoft outlook 2016
microsoft outlook 2010
microsoft office 2007
microsoft office 2016
microsoft office word viewer -

Roses are red, Windows error screens are blue. It's 2018, and an email can still pwn you

The Register • Shaun Nichols in San Francisco • 14 Feb 2018

Here's a bumper crop of security fixes you do not want to miss

Patch Tuesday Serious security flaws in Outlook and Edge are headlining a busy Microsoft Patch Tuesday. The Redmond giant has issued the February edition of its monthly security update, addressing a total of 50 CVE-listed vulnerabilities in its products. Adobe has also posted an update for flaws in Reader and Experience Manager. Headlining the Microsoft patch load is a fix for an Outlook bug, CVE-2018-0852, which is a memory corruption flaw that can be exploited to achieve remote code execution....

CVE-2018-0851

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect