Multiple vulnerabilities in Microsoft Office Online

Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

1. Remote code execution vulnerability in Microsoft Office software can be exploited via specially crafted file to execute arbitrary code;
2. Memory corruption vulnerability in Microsoft Office software can be exploited via specially crafted file to execute arbitrary code.

---

Technical details

Vulnerability (1) is related to Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions, Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions, Microsoft Office 2016 for Mac, Microsoft Office Online Server 2016, Microsoft SharePoint Enterprise Server 2016, Microsoft Word 2016 (32-bit edition), Microsoft Word 2016 (64-bit edition).

Original advisories

• CVE-2018-0792

• CVE-2018-0797

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Word
• Microsoft-Sharepoint-Server

CVE list

• CVE-2018-0792
  critical
• CVE-2018-0797
  critical

KB list

• 4011022

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com