Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2018-0950

Published: 12/04/2018 Updated: 24/08/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Microsoft

Vulnerability Summary

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft office 2016

microsoft office 2010

microsoft office compatibility pack -

microsoft word 2010

microsoft word 2007

microsoft word 2013

microsoft word 2016

Recent Articles

Using Outlook? You should probably do some patching
The Register • Richard Speed • 12 Apr 2018

It's 2018 and previewing an email can flash your privates at the world

Microsoft emitted a patch for all supported versions of Outlook on Patch Tuesday this month to prevent attackers harvesting credentials from users who simply preview a carefully crafted Rich Text (RTF) email. The vulnerability (CVE-2018-0950) exploited Outlook’s unfortunate habit of retrieving remotely hosted Object Linking and Embedding (OLE) content when previewing a RTF email. The Windows client was able to authenticate itself if that content was hosted on SMB/CIFS server. If the SMB server...

Read more...
It's April 2018 – and Patch Tuesday shows Windows security is still foiled by fiendish fonts
The Register • Shaun Nichols in San Francisco • 10 Apr 2018

Adobe's Flash also up the spout Mad March Meltdown! Microsoft's patch for a patch for a patch may need another patch

Microsoft has released the April edition of its monthly security update, this time addressing a total of 63 CVE-listed vulnerabilities. This month's update includes critical fixes for the usual suspects: Windows, Edge, Internet Explorer, and Office, as well as one flaw Redmond previously fixed with an unscheduled update. You should install these fixes as soon as you can, if your system hasn't already. Just one of this month's patches is for a zero-day flaw; CVE-2018-1034 is an elevation of privi...

Read more...

References

NVD-CWE-noinfohttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950http://www.securitytracker.com/id/1040654http://www.securityfocus.com/bid/103642https://nvd.nist.govhttps://www.theregister.co.uk/2018/04/12/outlook_patch_preview_bug/https://www.kb.cert.org/vuls/id/974272
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook