CVE-2018-0794

CVE-2018-0794 is a remote code execution vulnerability in Microsoft Word affecting Office 2007, 2010, 2013, and 2016, caused by the way Word handles objects in memory.

Description Preview

Microsoft Word in Microsoft Office 2007, 2010, 2013, and 2016 contains a remote code execution vulnerability due to the way objects are handled in memory. This flaw could allow a remote attacker to execute arbitrary code on a vulnerable system, potentially taking control of the affected machine. The vulnerability is distinct from CVE-2018-0792 and was publicly disclosed in January 2018.

Overview

This CVE identifies a remote code execution vulnerability in Microsoft Word across Office 2007 through 2016, arising from improper handling of objects in memory. Exploitation could enable an attacker to run arbitrary code on the victim’s system, potentially compromising confidentiality, integrity, and availability. The issue was made public in early 2018 and is distinct from CVE-2018-0792.

Remediation

  • Apply the latest Microsoft Office security updates that address CVE-2018-0794. Use Windows Update or Office Update to ensure Word and related components are patched.
  • Enable automatic updates for Office to receive future security fixes promptly.
  • After patching, verify the Office build/version to confirm the remediation is in place.
  • As a defense-in-depth measure, enable Protected View and restrict macros in Word documents to reduce exposure to untrusted content.
  • Educate users to avoid opening untrusted or unexpected Word documents from unknown sources, and consider implementing email/file screening to filter malicious attachments.

References

  • 102373 (BID): http://www.securityfocus.com/bid/102373
  • 1040153 (SECTRACK): http://www.securitytracker.com/id/1040153
  • MSRC Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794

Industry Exposure (most to least)

This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Medium
  2. Public Administration: Medium
  3. Health Care & Social Assistance: Medium
  4. Transportation & Warehousing: Medium
  5. Educational Services: Low
  6. Finance and Insurance: Low
  7. Professional, Scientific, & Technical Services: Low
  8. Management of Companies & Enterprises: Low
  9. Other Services (except Public Administration): Low
  10. Retail Trade: Low
  11. Arts, Entertainment & Recreation: Low
  12. Utilities: Low
  13. Real Estate Rental & Leasing: Low
  14. Agriculture, Forestry Fishing & Hunting: Low
  15. Accommodation & Food Services: Low
  16. Administrative, Support, Waste Management & Remediation Services: Low
  17. Construction: Low
  18. Information: Low
  19. Mining: Low
  20. Wholesale Trade: Low
