CVE-2018-0950

Description

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.

Affected products

• Microsoft / Microsoft Office2010 Service Pack 2 (32-bit editions) – 2010 Service Pack 2 (32-bit editions)
• Microsoft / Microsoft Office2010 Service Pack 2 (64-bit editions) – 2010 Service Pack 2 (64-bit editions)
• Microsoft / Microsoft Office2016 Click-to-Run (C2R) for 32-bit editions – 2016 Click-to-Run (C2R) for 32-bit editions
• Microsoft / Microsoft Office2016 Click-to-Run (C2R) for 64-bit editions – 2016 Click-to-Run (C2R) for 64-bit editions
• Microsoft / Microsoft OfficeCompatibility Pack Service Pack 3 – Compatibility Pack Service Pack 3
• Microsoft / Microsoft Word2013 Service Pack 1 (64-bit editions) – 2013 Service Pack 1 (64-bit editions)
• Microsoft / Microsoft Word2007 Service Pack 3 – 2007 Service Pack 3
• Microsoft / Microsoft Word2016 (64-bit edition) – 2016 (64-bit edition)
• Microsoft / Microsoft Word2016 (32-bit edition) – 2016 (32-bit edition)
• Microsoft / Microsoft Word2010 Service Pack 2 (32-bit editions) – 2010 Service Pack 2 (32-bit editions)
• Microsoft / Microsoft Word2010 Service Pack 2 (64-bit editions) – 2010 Service Pack 2 (64-bit editions)
• Microsoft / Microsoft Word2013 RT Service Pack 1 – 2013 RT Service Pack 1
• Microsoft / Microsoft Word2013 Service Pack 1 (32-bit editions) – 2013 Service Pack 1 (32-bit editions)

References

• VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950
• MISChttp://www.securityfocus.com/bid/103642
• MISChttp://www.securitytracker.com/id/1040654