Skip to main content
CVE-2018-0802 HIGH POC KEV PATCH THREAT Act Now

Microsoft Office Equation Editor allows remote code execution through crafted documents, the third vulnerability in the Equation Editor trifecta (with CVE-2017-11882 and CVE-2018-0798) that collectively dominated the exploit landscape in 2018.

NVD GitHub
CVSS 3.1
7.8
EPSS
93.9%
Threat
5.1
CVE-2018-0798 HIGH KEV PATCH THREAT Act Now

Microsoft Office 2007 through 2016 Equation Editor contains a memory corruption vulnerability enabling remote code execution through crafted documents, a companion exploit to CVE-2017-11882 targeting the same legacy component.

NVD
CVSS 3.1
8.8
EPSS
94.1%
CVE-2018-0005 HIGH This Week

QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-0807 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
24.4%
CVE-2018-0806 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
24.6%
CVE-2018-0805 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
24.4%
CVE-2018-0804 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
24.4%
CVE-2018-0801 HIGH PATCH This Week

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
24.4%
CVE-2018-0796 HIGH PATCH This Week

Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Excel Excel Viewer Office +1
NVD
CVSS 3.0
8.8
EPSS
23.3%
CVE-2018-0795 HIGH PATCH This Week

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Word
NVD
CVSS 3.0
8.8
EPSS
19.3%
CVE-2018-0794 HIGH PATCH This Week

Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
8.8
EPSS
20.1%
CVE-2018-0792 HIGH PATCH This Week

Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Office +3
NVD
CVSS 3.0
8.8
EPSS
26.8%
CVE-2018-0790 HIGH PATCH This Week

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation
NVD
CVSS 3.0
8.8
EPSS
5.3%
CVE-2018-0789 HIGH PATCH This Week

Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.0
8.8
EPSS
6.4%
CVE-2018-0784 HIGH PATCH This Week

ASP.NET Core 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Asp Net Core
NVD
CVSS 3.0
8.8
EPSS
6.5%
CVE-2018-0012 HIGH This Week

Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Space
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-0812 HIGH PATCH This Week

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Office +2
NVD
CVSS 3.0
7.8
EPSS
23.9%
CVE-2018-0797 HIGH PATCH This Week

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Office +8
NVD
CVSS 3.0
7.8
EPSS
24.8%
CVE-2018-0793 HIGH PATCH This Week

Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office Compatibility Pack Word
NVD
CVSS 3.0
7.8
EPSS
20.6%
CVE-2018-0791 HIGH PATCH This Week

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Outlook
NVD
CVSS 3.0
7.8
EPSS
20.6%
CVE-2018-0818 HIGH PATCH This Week

Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft RCE Chakracore
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-0786 HIGH PATCH This Week

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Net Core Powershell Core Net Framework
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-0764 HIGH PATCH This Week

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Net Core Powershell Core Net Framework
NVD
CVSS 3.0
7.5
EPSS
8.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy