CVE-2018-0852
Last modified
CVE-2018-0852 is a vulnerability of currently unknown severity. Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851.. EPSS estimates a 19.70% chance of exploitation in the next 30 days.
Description
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Office | 2016 | — |
| Microsoft | Outlook | 2010 | Sp2 |
| Microsoft | Outlook | 2013 | Sp1 |
| Microsoft | Outlook | 2016 | — |
References
- http://www.securityfocus.com/bid/102871Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040368Third Party Advisory, VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852Patch, Vendor Advisory
- http://www.securityfocus.com/bid/102871Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040368Third Party Advisory, VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0852Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-0852?
How severe is CVE-2018-0852?
How do I fix CVE-2018-0852?
Are you affected by CVE-2018-0852?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST