PatchSiren cyber security CVE debrief
CVE-2018-0798 Microsoft CVE debrief
CVE-2018-0798 is listed by CISA in the Known Exploited Vulnerabilities catalog as a Microsoft Office memory corruption vulnerability. That designation means the issue is treated as actively exploited and should be handled as a high-priority remediation item. The supplied public sources do not include a CVSS score, affected versions, specific component details, or attack mechanics, so this debrief stays at the catalog and remediation level. CISA added the entry on 2021-11-03 and set a remediation due date of 2022-05-03.
- Vendor
- Microsoft
- Product
- Office
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2021-11-03
- Original CVE updated
- 2021-11-03
- Advisory published
- 2021-11-03
- Advisory updated
- 2021-11-03
Who should care
Security, IT, and endpoint management teams responsible for Microsoft Office deployments and patch compliance.
Technical summary
The public record identifies CVE-2018-0798 as a Microsoft Office memory corruption vulnerability. CISA’s Known Exploited Vulnerabilities catalog marks it as known exploited and directs organizations to apply vendor updates. The supplied corpus does not provide deeper technical specifics such as the affected Office component, versions, exploit chain, or CVSS score.
Defensive priority
High
Recommended defensive actions
- Apply Microsoft updates for Office per vendor instructions.
- Verify all managed Office installations are fully patched and on supported builds.
- Track remediation against CISA KEV deadlines and confirm closure in vulnerability management reports.
- Escalate any remaining exceptions for compensating controls and management approval.
Evidence notes
CISA KEV metadata identifies CVE-2018-0798 as 'Microsoft Office Memory Corruption Vulnerability,' with dateAdded 2021-11-03, dueDate 2022-05-03, and requiredAction 'Apply updates per vendor instructions.' The official CVE and NVD records corroborate the identifier, but the supplied corpus does not include additional technical details or a CVSS score.
Official resources
-
CVE-2018-0798 CVE record
CVE.org
-
CVE-2018-0798 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply updates per vendor instructions.
-
Source item URL
cisa_kev
This debrief is limited to the supplied CISA KEV and official record metadata. It does not add unverified exploit, impact, version, or component details not present in the corpus.