CVE-2018-0922 - Out-of-bounds Write vulnerability in Microsoft products
Summary
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
Nessus
NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS18_MAR_WORD.NASL
description: The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by properly initializing the affected variable. (CVE-2018-0919)
- A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0922)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108301
published: 2018-03-13
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108301
title: Security Updates for Microsoft Word Products (March 2018)

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS18_MAR_OFFICE_SHAREPOINT.NASL
description: The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by properly initializing the affected variable. (CVE-2018-0919)
- A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0922)
- An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly verify tenant permissions. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could elevate permissions such that they gain full rights to the affected tenant. These attacks could allow the attacker to read content that the attacker is not authorized to read, change permissions, and edit or delete content. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly checks tenant permissions. (CVE-2018-0947)
- An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108298
published: 2018-03-13
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108298
title: Security Updates for Microsoft SharePoint Server and Microsoft Project Server (March 2018)

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS18_MAR_OFFICE.NASL
description: The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by properly initializing the affected variable. (CVE-2018-0919)
- A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0922)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108296
published: 2018-03-13
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108296
title: Security Updates for Microsoft Office Products (March 2018)

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS18_MAR_OFFICE_COMPATIBILITY.NASL
description: The Microsoft Office Compatibility Products are missing a security update. It is, therefore, affected by the following vulnerability:
- A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0922)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108297
published: 2018-03-13
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108297
title: Security Updates for Microsoft Office Compatibility Products (March 2018)

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS18_MAR_OFFICE_WEB.NASL
description: The Microsoft Office Online Server or Microsoft Office Web Apps installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by properly initializing the affected variable. (CVE-2018-0919)
- A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0922)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108299
published: 2018-03-13
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108299
title: Security Updates for Microsoft Office Online Server and Microsoft Office Web Apps (March 2018)
References
- http://www.securityfocus.com/bid/103314
- http://www.securitytracker.com/id/1040511
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0922