Unrated severityCISA KEVNVD Advisory· Published Jan 10, 2018· Updated Oct 21, 2025
CVE-2018-0802
CVE-2018-0802
Description
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
Affected products
1- Microsoft Corporation/Equation Editorv5Range: Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.securityfocus.com/bid/102347mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1040153mitrevdb-entryx_refsource_SECTRACK
- 0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.htmlmitrex_refsource_MISC
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802mitrex_refsource_CONFIRM
- research.checkpoint.com/another-office-equation-rce-vulnerability/mitrex_refsource_MISC
News mentions
1- Exploits and vulnerabilities in Q1 2026Securelist · May 7, 2026