Endpoint Vulnerability

Microsoft Office Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.

Affected Products

Microsoft Office 2010 Service Pack 2 (32-bit editions),Microsoft Office 2010 Service Pack 2 (64-bit editions),Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions,Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions,Microsoft Office Compatibility Pack Service Pack 3,Microsoft Word 2007 Service Pack 3,Microsoft Word 2010 Service Pack 2 (32-bit editions),Microsoft Word 2010 Service Pack 2 (64-bit editions),Microsoft Word 2013 RT Service Pack 1,Microsoft Word 2013 Service Pack 1 (32-bit editions)

References

CVE-2018-0950,