PT-2018-1159 · Microsoft · Office Compatibility Pack Sp2+19
Wayne Low · Published 2018-03-13 · Updated 2020-08-24
CVE-2018-0922
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Office 2010 SP2
Microsoft Office 2013 SP1
Microsoft Office 2016
Microsoft Office 2016 Click-to-Run
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack SP2
Microsoft Office Web Apps 2010 SP2
Microsoft Office Web Apps 2013 SP1
Microsoft Office Word Viewer
Microsoft SharePoint Enterprise Server 2013 SP1
Microsoft SharePoint Enterprise Server 2016
Microsoft Online Server 2016
Microsoft SharePoint Server 2010 SP2
Microsoft Word 2007 SP3
Microsoft Word 2010 SP2
Microsoft Word 2013
Microsoft Word 2016
Description
A remote code execution issue exists in Microsoft Office software due to improper handling of objects in memory. This could allow an attacker to run arbitrary code in the context of the current user. If the current user has administrative rights, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Office software. Users with limited rights on the system are less impacted than those operating with administrative rights.
Recommendations
For Microsoft Office 2010 SP2, update to a newer version to mitigate the risk.
For Microsoft Office 2013 SP1, update to a newer version to mitigate the risk.
For Microsoft Office 2016, update to a newer version to mitigate the risk.
For Microsoft Office 2016 Click-to-Run, update to a newer version to mitigate the risk.
For Microsoft Office 2016 for Mac, update to a newer version to mitigate the risk.
For Microsoft Office Compatibility Pack SP2, update to a newer version to mitigate the risk.
For Microsoft Office Web Apps 2010 SP2, update to a newer version to mitigate the risk.
For Microsoft Office Web Apps 2013 SP1, update to a newer version to mitigate the risk.
For Microsoft Office Word Viewer, update to a newer version to mitigate the risk.
For Microsoft SharePoint Enterprise Server 2013 SP1, update to a newer version to mitigate the risk.
For Microsoft SharePoint Enterprise Server 2016, update to a newer version to mitigate the risk.
For Microsoft Online Server 2016, update to a newer version to mitigate the risk.
For Microsoft SharePoint Server 2010 SP2, update to a newer version to mitigate the risk.
For Microsoft Word 2007 SP3, update to a newer version to mitigate the risk.
For Microsoft Word 2010 SP2, update to a newer version to mitigate the risk.
For Microsoft Word 2013, update to a newer version to mitigate the risk.
For Microsoft Word 2016, update to a newer version to mitigate the risk.
As a temporary workaround, consider avoiding the use of affected Microsoft Office software until a patch is available.
Fix
RCE
Memory Corruption
Buffer Overflow
Affected Products
Office 2010 Sp2
Office 2013 Sp1
Office 2016
Office 2016 Click-To-Run
Office 2016 For Mac
Office Compatibility Pack Sp2
Office Web Apps 2010 Sp2
Office Web Apps 2013 Sp1
Office Word Viewer
Online Server 2016
Sharepoint Enterprise Server 2013 Sp1
Sharepoint Enterprise Server 2016
Sharepoint Server 2010 Sp2
Word 2007 Sp3
Word 2010 Sp2
Word 2013
Word 2016
Office
Office Word
Sharepoint Server