Vulnerability in Microsoft Office
CVE-2018-0950
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affect…
EPSS: 0.107 (93.5th percentile)
Affected products
- Microsoft Office — versions 2010 Service Pack 2 (64-bit editions), 2010 Service Pack 2 (32-bit editions), 2016 Click-to-Run (C2R) for 64-bit editions
- Microsoft Word — versions 2016 (64-bit edition), 2010 Service Pack 2 (64-bit editions), 2010 Service Pack 2 (32-bit editions)
Public proof-of-concept exploits
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950 (x_refsource_CONFIRM)
- 103642 (vdb-entry, x_refsource_BID)
- 1040654 (vdb-entry, x_refsource_SECTRACK)
Frequently asked questions
- What is CVE-2018-0950?
- CVE-2018-0950 is a vulnerability in Microsoft Office. Published 2018-04-12.
- Is CVE-2018-0950 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.