Microsoft Office CVE-2018-0950 – Information Disclosure

Authors: Will Dormann
Risk: High
CVE: CVE-2018-0950
0day: Information Disclosure
0day-id: 0DAY-0950
Date: 2018-04-15

Description

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.

To exploit the vulnerability, an attacker would have to send an RTF-formatted email to a user and convince the user to open or preview the email. A connection to a remote SMB server could then be initiated automatically, enabling the attacker to brute-force the corresponding NTLM challenge and response in order to disclose the corresponding password hash.

The security update addresses the vulnerability by correcting how Office processes OLE objects.
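
The outbound SMB connection described above is observable at the network edge. The following is an added example, not part of the original advisory: it flags SMB sessions (TCP 139/445) from internal hosts to addresses outside the internal ranges. The log format, the sample records and the list of internal ranges are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: address space treated as internal (RFC 1918, loopback,
# link-local, IPv6 unique local). Adjust to the site's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Hypothetical key=value firewall log format used only for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

# Constructed sample records (not taken from the advisory).
SAMPLE_LOG = """\
2018-04-16T09:12:01Z src=10.1.4.23 dst=10.1.0.5 dport=445
2018-04-16T09:12:07Z src=10.1.4.23 dst=203.0.113.77 dport=445
2018-04-16T09:13:40Z src=10.1.4.31 dst=198.51.100.9 dport=443
2018-04-16T09:14:02Z src=10.1.4.31 dst=192.168.7.10 dport=139
2018-04-16T09:15:19Z src=10.1.4.40 dst=2001:db8::15 dport=445
2018-04-16T09:16:00Z src=10.1.4.40 dst=not-an-ip dport=445
"""

def is_internal(addr):
    """True if addr falls inside any configured internal network."""
    return any(addr in net for net in INTERNAL_NETS)

def external_smb_connections(log_text):
    """Return (timestamp, src, dst, port) for SMB sessions leaving the internal ranges."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line does not match the expected format
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # unparsable address field
        port = int(m["dport"])
        if port in SMB_PORTS and is_internal(src) and not is_internal(dst):
            hits.append((m["ts"], str(src), str(dst), port))
    return hits

if __name__ == "__main__":
    for ts, src, dst, port in external_smb_connections(SAMPLE_LOG):
        print(f"{ts} ALERT outbound SMB {src} -> {dst}:{port}")
```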

Exploitability Assessment

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

| Publicly Disclosed | Exploited | Latest Software Release | Older Software Release | Denial of Service |
|---|---|---|---|---|
| No | No | 1 – Exploitation More Likely | 1 – Exploitation More Likely | Not Applicable |

Affected Products

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

| Product | Platform | Article | Download | Impact | Severity | Supersedence |
|---|---|---|---|---|---|---|
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | | 4018357 | Security Update | Information Disclosure | Important | 4011673 |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | | 4018357 | Security Update | Information Disclosure | Important | 4011673 |
| Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | | Click to Run | Security Update | Information Disclosure | Important | |
| Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | | Click to Run | Security Update | Information Disclosure | Important | |
| Microsoft Office Compatibility Pack Service Pack 3 | | 4018354 | Security Update | Information Disclosure | Important | 4011720 |
| Microsoft Word 2007 Service Pack 3 | | 4018355 | Security Update | Information Disclosure | Important | 4011721 |
| Microsoft Word 2010 Service Pack 2 (32-bit editions) | | 4018359 | Security Update | Information Disclosure | Important | 4011674 |
| Microsoft Word 2010 Service Pack 2 (64-bit editions) | | 4018359 | Security Update | Information Disclosure | Important | 4011674 |
| Microsoft Word 2013 RT Service Pack 1 | | 4018347 | Security Update | Information Disclosure | Important | 4011695 |
| Microsoft Word 2013 Service Pack 1 (32-bit editions) | | 4018347 | Security Update | Information Disclosure | Important | 4011695 |
| Microsoft Word 2013 Service Pack 1 (64-bit editions) | | 4018347 | Security Update | Information Disclosure | Important | 4011695 |
| Microsoft Word 2016 (32-bit edition) | | 4018339 | Security Update | Information Disclosure | Important | 4011730 |
| Microsoft Word 2016 (64-bit edition) | | 4018339 | Security Update | Information Disclosure | Important | 4011730 |

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Acknowledgements

Will Dormann, CERT/CC
