CVE-2018-0797

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2010 through 2016

Description The issue is caused by a buffer overflow in memory when handling RTF content. Exploitation of the vulnerability requires a user to open a specially crafted RTF file with an affected version of Microsoft Office software. This could allow a remote attacker to execute arbitrary code in the context of the current user. If the current user has administrative user rights, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Office 2010, update to a version that properly handles RTF files to prevent exploitation. For Microsoft Office 2013, update to a version that properly handles RTF files to prevent exploitation. For Microsoft Office 2016, update to a version that properly handles RTF files to prevent exploitation. As a temporary workaround, consider avoiding the use of RTF files with affected versions of Microsoft Office software until a patch is available.