Description
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.
Below is a complete list of vulnerabilities:
- Remote code execution vulnerability in Microsoft Office software can be exploited via specially crafted file to execute arbitrary code;
- Memory corruption vulnerability in Microsoft Office software can be exploited via specially crafted file to execute arbitrary code.
Technical details
Vulnerability (1) is related to Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions, Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions, Microsoft Office 2016 for Mac, Microsoft Office Online Server 2016, Microsoft SharePoint Enterprise Server 2016, Microsoft Word 2016 (32-bit edition), Microsoft Word 2016 (64-bit edition).
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
- CVE-2018-0792 critical
- CVE-2018-0797 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com