CVE-2018-0802

ENISA EUVD: EUVD-2018-1608 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 3 articles Published: 2018-01-10

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

93.89%

probability

This CVE has a 93.89% probability of being exploited in the next 30 days.

0% Top 99.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

9.3

HIGH

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.

Affected Products

Microsoft Corporation

Equation Editor

Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016

microsoft

office

microsoft

office compatibility pack

microsoft

word

Microsoft Corporation

Equation Editor

Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Google Project Zero

Patched

Jan. 9, 2018

Reported by

Liang Yin of Tencent PC Manager, Zhiyuan Zheng, Yuki Chen of Qihoo 360 Vulcan Team, Yang Kang, Ding Maoyin and Song Shenlei, and Jinquan of Qihoo 360 Core Security (@360CoreSec), Luka Treiber of 0patch Team - ACROS Security, zhouat of Qihoo 360 Vulcan Team, bee13oy of Qihoo 360 Vulcan Team, Netanel Ben Simon and Omer Gull of Check Point Software Technologies

Root Cause Analysis

???

Exploits & PoC

rxwx/CVE-2018-0802

PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882)

269 2018-02-28

Ridter/RTF_11882_0802

PoC for CVE-2018-0802 And CVE-2017-11882

166 2018-01-12

zldww2011/CVE-2018-0802_POC

Exploit the vulnerability to execute the calculator

68 2018-01-11

likekabin/CVE-2018-0802_CVE-2017-11882

11 2018-01-16

Abdibimantara/Maldoc-Analysis

Pada bulan maret 2023, terdapat sample baru yang terindentifikasi sebagai malware. Malware tersebut berasal dari file berekstensi.xls dan .doc dan dik

1 2023-03-06

roninAPT/CVE-2018-0802

0 2021-02-20

6 repos — triés par ⭐ Rechercher sur GitHub ↗