CVE-2018-0802
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 01, 2017
- Published Date
- January 10, 2018
- Last Updated
- February 07, 2025
- Vendor
- Microsoft Corporation
- Product
- Equation Editor
- Description
- Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
CVSS Scores
SSVC Information
- Exploitation
- active
- Technical Impact
- total
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802
https://github.com/rxwx/CVE-2018-0802
http://www.securitytracker.com/id/1040153
https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html
http://www.securityfocus.com/bid/102347
https://github.com/zldww2011/CVE-2018-0802_POC
https://research.checkpoint.com/another-office-equation-rce-vulnerability/
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
roninAPT/CVE-2018-0802
Type: github • Created: 2021-02-20 02:34:16 UTC • Stars: 0
rxwx/CVE-2018-0802
Type: github • Created: 2018-01-11 09:43:46 UTC • Stars: 270
PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882)
zldww2011/CVE-2018-0802_POC
Type: github • Created: 2018-01-11 09:16:32 UTC • Stars: 68
Exploit the vulnerability to execute the calculator