Published: 15/02/2018 Updated: 24/08/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft office 2016
microsoft office 2010
microsoft office 2013

Roses are red, Windows error screens are blue. It's 2018, and an email can still pwn you

The Register • Shaun Nichols in San Francisco • 14 Feb 2018

Here's a bumper crop of security fixes you do not want to miss

Patch Tuesday Serious security flaws in Outlook and Edge are headlining a busy Microsoft Patch Tuesday. The Redmond giant has issued the February edition of its monthly security update, addressing a total of 50 CVE-listed vulnerabilities in its products. Adobe has also posted an update for flaws in Reader and Experience Manager. Headlining the Microsoft patch load is a fix for an Outlook bug, CVE-2018-0852, which is a memory corruption flaw that can be exploited to achieve remote code execution....

CVE-2018-0853

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect