PT-2018-9107 · Microsoft · Office 2010+3

Published: 2018-02-13 · Updated: 2020-08-24 · CVE-2018-0853

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Microsoft Office 2010 SP2
Microsoft Office 2013 SP1 and RT SP1
Microsoft Office 2016
Microsoft Office 2016 Click-to-Run (C2R)
Description: An information disclosure issue exists due to how Office initializes an affected variable. This could allow an attacker to view out-of-bounds memory when a user opens a specially crafted file with an affected version of Microsoft Office software. The issue arises from the software reading out-of-bounds memory due to an uninitialized variable.
Recommendations: For Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R), update to a version that includes the fix for this issue.

Fix

Weakness Enumeration

Improper Initialization

Related Identifiers

CVE-2018-0853

Affected Products

Office 2010
Office 2013
Office 2016
Office