CVE-2018-0950 — Microsoft Office Information Disclosure Vulnerability
Executive Summary
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site. To exploit the vulnerability, an attacker would have to send an RTF-formatted email to a user and convince the user to open or preview the email. A connection to a remote SMB server could then be automatically initiated, enabling the attacker to brute-force attack the corresponding NTLM challenge and response in order to disclose the corresponding hash password. The security update addresses the vulnerability by correcting how Office processes OLE objects.
Overview
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4018357 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4018357 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Office Compatibility Pack Service Pack 3 | 4018354 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Word 2007 Service Pack 3 | 4018355 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4018359 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4018359 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Word 2013 RT Service Pack 1 | 4018347 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4018347 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4018347 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Word 2016 (32-bit edition) | 4018339 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Word 2016 (64-bit edition) | 4018339 (Security Update) |
Important | Information Disclosure | Maybe |
Patches
| Article | Type | Restart |
|---|---|---|
4018357 |
Security Update | Maybe |
Click to Run |
Security Update | Maybe |
4018354 |
Security Update | Maybe |
4018355 |
Security Update | Maybe |
4018359 |
Security Update | Maybe |
4018347 |
Security Update | Maybe |
4018339 |
Security Update | Maybe |
Known Exploits
Acknowledgments
Will Dormann CERT/CC