Vulnerability Name: CVE-2018-0851 (CCN-138561) Assigned: 2017-12-01 Published: 2018-02-13 Updated: 2020-08-24 Summary: Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852 . CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H )7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H )6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-787 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2018-0851 Source: BID Type: Third Party Advisory, VDB Entry102870 Source: CCN Type: BID-102870Microsoft Office CVE-2018-0851 Memory Corruption Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry1040381 Source: XF Type: UNKNOWNms-office-cve20180851-code-exec(138561) Source: CCN Type: Microsoft Security TechCenter - February 2018Microsoft Office Memory Corruption Vulnerability Source: CONFIRM Type: Patch, Vendor Advisoryhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0851 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:office:2007:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2016:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2016:*:*:*:click-to-run:*:*:* OR cpe:/a:microsoft:office_word_viewer:-:*:*:*:*:*:*:* OR cpe:/a:microsoft:outlook:2010:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:outlook:2013:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:outlook:2013:sp1:*:*:*:rt:*:* OR cpe:/a:microsoft:outlook:2016:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:word_viewer:*:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2010:sp2:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2010:sp2:x32:*:*:*:*:* OR cpe:/a:microsoft:office:2013:sp1:x32:*:*:*:*:* OR cpe:/a:microsoft:office:2013:sp1:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2013:sp1:*:*:rt:*:*:* OR cpe:/a:microsoft:office:2016:*:x32:*:*:*:*:* OR cpe:/a:microsoft:office:2016:*:*:*:*:*:x64:* OR cpe:/a:microsoft:office:2016:*:*:*:click-to-run:*:x32:* OR cpe:/a:microsoft:office:2016:*:*:*:click-to-run:*:x64:* Denotes that component is vulnerable BACK
microsoft office 2007
microsoft office 2016
microsoft office 2016
microsoft office word viewer -
microsoft outlook 2010 sp2
microsoft outlook 2013 sp1
microsoft outlook 2013 sp1
microsoft outlook 2016
microsoft word viewer *
microsoft office 2010 sp2
microsoft office 2010 sp2
microsoft office 2013 sp1
microsoft office 2013 sp1
microsoft office 2013 sp1
microsoft office 2016
microsoft office 2016
microsoft office 2016
microsoft office 2016