7.8 CVE-2018-0802
Exploit Patch Used by Malware Used by Ransomware CISA Kev Catalog Used by Malware
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
https://nvd.nist.gov/vuln/detail/CVE-2018-0802
- Threadkit Exploit Kit
Categories
CWE-787 : Out-of-bounds Write
Typically, this can result in corruption of data, a crash, or code execution. The product may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
References
BID
| 102347 Third Party Advisory VDB Entry |
CONFIRM Patch
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802 Patch Vendor Advisory |
MISC Exploit
| https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html Third Party Advisory |
| https://github.com/rxwx/CVE-2018-0802 Exploit Third Party Advisory |
| https://github.com/zldww2011/CVE-2018-0802_POC Exploit Third Party Advisory |
| https://research.checkpoint.com/another-office-equation-rce-vulnerability/ |
PHK Exploit
SECTRACK
| 1040153 Third Party Advisory VDB Entry |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:* | ||
| cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:* | ||
| cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:* | ||
REMEDIATION
Microsoft
| Product | Article | Download |
|---|---|---|
| Microsoft Office 2007 Service Pack 3 | 4011656 | Security Update |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011610 | Security Update |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011610 | Security Update |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4011580 | Security Update |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4011580 | Security Update |
| Microsoft Office 2016 (32-bit edition) | 4011574 | Security Update |
| Microsoft Office 2016 (64-bit edition) | 4011574 | Security Update |
| Microsoft Office Compatibility Pack Service Pack 3 | 4011607 | Security Update |
| Microsoft Word 2007 Service Pack 3 | 4011657 | Security Update |
| Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011659 | Security Update |
| Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011659 | Security Update |
| Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4011580 | Security Update |
| Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4011580 | Security Update |
| Microsoft Word 2016 (32-bit edition) | 4011643 | Security Update |
| Microsoft Word 2016 (64-bit edition) | 4011643 | Security Update |
Patch
| Url |
|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802 |
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
Other (github, ...)
| Url |
|---|
| https://github.com/rxwx/CVE-2018-0802 |
| https://github.com/zldww2011/CVE-2018-0802_POC |
| https://github.com/roninAPT/CVE-2018-0802 |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
MITRE
Sherlock® flash
Take a picture of your computer network in a few clicks !
The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.
