CVE-2018-0802

CVE Database · CVE-2018-0802

CVE-2018-0802

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

93.36%

Published

Jan 9, 2018

Modified

Oct 28, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (7)

All weaponized →

TrickestTrickest PoC index GitHub PoCrxwx/CVE-2018-0802★269 GitHub PoCRidter/RTF_11882_0802★166 GitHub PoCzldww2011/CVE-2018-0802_POC★68 GitHub PoClikekabin/CVE-2018-0802_CVE-2017-11882★11 GitHub PoCAbdibimantara/Maldoc-Analysis★1 GitHub PoCroninAPT/CVE-2018-0802★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (11)

microsoft · officevulnerable