CVE-2018-0851

Name of the Vulnerable Software and Affected Versions Microsoft Office 2007 SP2 Microsoft Office Word Viewer Microsoft Office 2010 SP2 Microsoft Office 2013 SP1 and RT SP1 Microsoft Office 2016 Microsoft Office 2016 Click-to-Run (C2R)

Description A remote code execution issue exists due to how Office handles objects in memory. This allows an attacker to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change or delete data, or create new accounts. The exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software.

Recommendations For Microsoft Office 2007 SP2, update to a newer version to mitigate the risk. For Microsoft Office Word Viewer, update to a newer version to mitigate the risk. For Microsoft Office 2010 SP2, update to a newer version to mitigate the risk. For Microsoft Office 2013 SP1 and RT SP1, update to a newer version to mitigate the risk. For Microsoft Office 2016, update to a newer version to mitigate the risk. For Microsoft Office 2016 Click-to-Run (C2R), update to a newer version to mitigate the risk.