CVE-2018-0802
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 01, 2017
- Published Date
- January 10, 2018
- Last Updated
- October 21, 2025
- Vendor
- Microsoft Corporation
- Product
- Equation Editor
- Description
- Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
- Tags
- Exploitation
- active
- Technical Impact
- total
- Exploited in the Wild
- Yes (2021-11-03 00:00:00 UTC) Source
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
SSVC Information
Exploit Status
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
| CISA | 2021-11-03 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
roninAPT/CVE-2018-0802
Type: github • Created: 2021-02-20 02:34:16 UTC • Stars: 0
likekabin/CVE-2018-0802_CVE-2017-11882
Type: github • Created: 2018-01-16 05:49:01 UTC • Stars: 11
rxwx/CVE-2018-0802
Type: github • Created: 2018-01-11 09:43:46 UTC • Stars: 270
zldww2011/CVE-2018-0802_POC
Type: github • Created: 2018-01-11 09:16:32 UTC • Stars: 68
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Added to KEVIntel