vulnerability

Microsoft Office: CVE-2018-0849: Microsoft Office Memory Corruption Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Jan 22, 2018	Jun 20, 2023	May 29, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Jan 22, 2018

Added

Jun 20, 2023

Modified

May 29, 2026

Description

Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.

Solution

microsoft-word_2016-kb4011643

References

CVE-2018-0849
https://attackerkb.com/topics/CVE-2018-0849
EUVD-EUVD-2018-1649
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-1649
https://support.microsoft.com/help/4011643

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report