Published: 15/02/2018 Updated: 24/08/2020

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft outlook 2013
microsoft outlook 2016
microsoft outlook 2010
microsoft office 2016

Roses are red, Windows error screens are blue. It's 2018, and an email can still pwn you

The Register • Shaun Nichols in San Francisco • 14 Feb 2018

Here's a bumper crop of security fixes you do not want to miss

Patch Tuesday Serious security flaws in Outlook and Edge are headlining a busy Microsoft Patch Tuesday. The Redmond giant has issued the February edition of its monthly security update, addressing a total of 50 CVE-listed vulnerabilities in its products. Adobe has also posted an update for flaws in Reader and Experience Manager. Headlining the Microsoft patch load is a fix for an Outlook bug, CVE-2018-0852, which is a memory corruption flaw that can be exploited to achieve remote code execution....

CVE-2018-0852

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect