High severity7.8CISA KEVNVD Advisory· Published Jan 10, 2018· Updated Jun 17, 2026
CVE-2018-0802
CVE-2018-0802
Description
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Microsoft Corporation/Equation Editorv5Range: Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016
Patches
Vulnerability mechanics
References
6- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802nvdPatchVendor Advisory
- 0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.htmlnvdExploitThird Party Advisory
- research.checkpoint.com/another-office-equation-rce-vulnerability/nvdExploit
- www.securityfocus.com/bid/102347nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040153nvdBroken LinkThird Party AdvisoryVDB Entry
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
2- Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payloadSecurelist · May 22, 2026
- Exploits and vulnerabilities in Q1 2026Securelist · May 7, 2026