Microsoft Outlook retrieves remote OLE content without prompting
2018-04-10T00:00:00
ID VU:974272 Type cert Reporter CERT Modified 2019-01-10T16:35:00
Description
Overview
When a Rich Text (RTF) email is previewed in Microsoft Outlook, remotely-hosted OLE content is retrieved without requiring any additional user interaction. This can leak private information including the user's password hash, which may be cracked by an attacker.
Description
Microsoft Outlook will automatically retrieve remote OLE content when an RTF email is previewed. When remote OLE content is hosted on a SMB/CIFS server, the Windows client system will attempt to authenticate with the server using single sign-on (SSO). This may leak the user's IP address, domain name, user name, host name, and password hash. If the user's password is not complex enough, then an attacker may be able to crack the password in a short amount of time.
Impact
By convincing a user to preview an RTF email message with Microsoft Outlook, a remote, unauthenticated attacker may be able to obtain the victim's ip address, domain name, user name, host name, and password hash. This password hash may be cracked offline. This vulnerability may be combined with other vulnerabilities to modify the impact. For example, when combined with VU#867968, an attacker could cause a Windows system to blue-screen crash (BSOD) when a specially-crafted email is previewed with Microsoft Outlook.
Solution
Apply an update
This vulnerability is addressed in the Microsoft update for CVE-2018-0950. This update prevents Outlook from automatically initiating SMB connections when an RTF email is previewed. Note that other techniques requiring additional user interaction will still function after this patch is installed. For example, if an email contains a UNC link, like \\attacker\foo, Outlook will automatically make this link clickable. If a user clicks such a link, the impact will be the same as with this vulnerability. For this reason, please also consider the following workarounds.
Block inbound and outbound SMB connections at your network border
This can be accomplished by blocking ports 445/tcp, 137/tcp, 139/tcp, as well as 137/udp and 139/udp.
Block NTLM Single Sign-on (SSO) authentication
Block NTLM Single Sign-on (SSO) authentication, as specified in Microsoft Security Advisory ADV170014. Starting with Windows 10 and Server 2016, if the **EnterpriseAccountSSO** registry value is created and set to **0**, SSO authentication will be disabled for external and unspecified network resources. With this registry change, accessing SMB resources is still allowed, but external and unspecified SMB resources will require the user to enter credentials as opposed to automatically attempting to use the hash of the currently logged-on user.
Use complex passwords
Assume that at some point your client system will attempt to make an SMB connection to an attacker's server. For this reason, make sure that any Windows login has a sufficiently complex password so that it is resistant to cracking. The following two strategies can help achieve this goal:
Use a password manager to help generate complex random passwords. This strategy can help ensure the use of unique passwords across resources that you use, and it can ensure that the passwords are of a sufficient complexity and randomness.
Use longer passphrases (with mixed-case letters, numbers and symbols) instead of passwords. This strategy can produce memorable credentials that do not require additional software to store and retrieve.
Vendor Information
974272
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Microsoft Affected
Notified: November 29, 2016 Updated: April 06, 2018
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
Other Information
CVE IDs: | CVE-2018-0950
---|--- Date Public: | 2018-04-10 Date First Published: | 2018-04-10 Date Last Updated: | 2019-01-10 16:35 UTC Document Revision: | 30
{"id": "VU:974272", "type": "cert", "bulletinFamily": "info", "title": "Microsoft Outlook retrieves remote OLE content without prompting", "description": "### Overview \n\nWhen a Rich Text (RTF) email is previewed in Microsoft Outlook, remotely-hosted OLE content is retrieved without requiring any additional user interaction. This can leak private information including the user's password hash, which may be cracked by an attacker.\n\n### Description \n\nMicrosoft Outlook will automatically retrieve remote OLE content when an RTF email is previewed. When remote OLE content is hosted on a SMB/CIFS server, the Windows client system will attempt to authenticate with the server using single sign-on (SSO). This may leak the user's IP address, domain name, user name, host name, and password hash. If the user's password is not complex enough, then an attacker may be able to crack the password in a short amount of time. \n \n--- \n \n### Impact \n\nBy convincing a user to preview an RTF email message with Microsoft Outlook, a remote, unauthenticated attacker may be able to obtain the victim's ip address, domain name, user name, host name, and password hash. This password hash may be cracked offline. This vulnerability may be combined with other vulnerabilities to modify the impact. For example, when combined with [VU#867968](<https://www.kb.cert.org/vuls/id/867968>), an attacker could cause a Windows system to blue-screen crash (BSOD) when a specially-crafted email is previewed with Microsoft Outlook. \n \n--- \n \n### Solution \n\n**Apply an update**\n\nThis vulnerability is addressed in the [Microsoft update for CVE-2018-0950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950>). This update prevents Outlook from automatically initiating SMB connections when an RTF email is previewed. Note that other techniques requiring additional user interaction will still function after this patch is installed. For example, if an email contains a UNC link, like `\\\\attacker\\foo`, Outlook will automatically make this link clickable. If a user clicks such a link, the impact will be the same as with this vulnerability. For this reason, please also consider the following workarounds. \n \n--- \n \n**Block inbound and outbound SMB connections at your network border** \n \nThis can be accomplished by blocking ports 445/tcp, 137/tcp, 139/tcp, as well as 137/udp and 139/udp. \n \n**Block NTLM Single Sign-on (SSO) authentication** \n \nBlock NTLM Single Sign-on (SSO) authentication, as specified in [Microsoft Security Advisory ADV170014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170014>). Starting with Windows 10 and Server 2016, if the `**EnterpriseAccountSSO**` registry value is created and set to `**0**`, SSO authentication will be disabled for external and unspecified network resources. With this registry change, accessing SMB resources is still allowed, but external and unspecified SMB resources will require the user to enter credentials as opposed to automatically attempting to use the hash of the currently logged-on user. \n \n**Use complex passwords** \n \nAssume that at some point your client system will attempt to make an SMB connection to an attacker's server. For this reason, make sure that any Windows login has a sufficiently complex password so that it is resistant to cracking. The following two strategies can help achieve this goal:\n\n 1. Use a password manager to help generate complex random passwords. This strategy can help ensure the use of unique passwords across resources that you use, and it can ensure that the passwords are of a sufficient complexity and randomness.\n 2. Use longer passphrases (with mixed-case letters, numbers and symbols) instead of passwords. This strategy can produce memorable credentials that do not require additional software to store and retrieve. \n--- \n \n### Vendor Information\n\n974272\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Microsoft Affected\n\nNotified: November 29, 2016 Updated: April 06, 2018 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950>\n * <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170014>\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 5 | AV:N/AC:L/Au:N/C:P/I:N/A:N \nTemporal | 4.1 | E:F/RL:OF/RC:ND \nEnvironmental | 4.1 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950>\n * <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170014>\n\n### Acknowledgements\n\nThis vulnerability was reported by Will Dormann of the CERT/CC.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2018-0950](<http://web.nvd.nist.gov/vuln/detail/CVE-2018-0950>) \n---|--- \n**Date Public:** | 2018-04-10 \n**Date First Published:** | 2018-04-10 \n**Date Last Updated: ** | 2019-01-10 16:35 UTC \n**Document Revision: ** | 30 \n", "published": "2018-04-10T00:00:00", "modified": "2019-01-10T16:35:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://www.kb.cert.org/vuls/id/974272", "reporter": "CERT", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170014"], "cvelist": ["CVE-2018-0950"], "lastseen": "2020-09-18T20:44:08", "viewCount": 486, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2020-09-18T20:44:08", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-0950"]}, {"type": "symantec", "idList": ["SMNTC-103642"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812857", "OPENVAS:1361412562310813134", "OPENVAS:1361412562310813135", "OPENVAS:1361412562310812858", "OPENVAS:1361412562310812855", "OPENVAS:1361412562310812591"]}, {"type": "mskb", "idList": ["KB4018355", "KB4018359", "KB4018354", "KB4018347", "KB4018357", "KB4018339"]}, {"type": "thn", "idList": ["THN:719D0FE398D686B47A0159195F110097"]}, {"type": "nessus", "idList": ["SMB_NT_MS18_APR_OFFICE_COMPATIBILITY.NASL", "SMB_NT_MS18_APR_WORD.NASL", "SMB_NT_MS18_APR_OFFICE.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:5385B36EBC1397DC1F0EE8F48E987451", "THREATPOST:2DDB1918554F258230A7F9D56F220D8F"]}, {"type": "kaspersky", "idList": ["KLA11225"]}, {"type": "talosblog", "idList": ["TALOSBLOG:76829FABFE02C32CB6E07FE9D9A8F09B"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:CA6E4ACCDF2EEC642B7D6E90848F2DB0"]}], "modified": "2020-09-18T20:44:08", "rev": 2}, "vulnersScore": 5.8}}
{"cve": [{"lastseen": "2020-10-03T13:20:07", "description": "An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka \"Microsoft Office Information Disclosure Vulnerability.\" This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-12T01:29:00", "title": "CVE-2018-0950", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0950"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:word:2007", "cpe:/a:microsoft:word:2013", "cpe:/a:microsoft:office:2010", "cpe:/a:microsoft:word:2010", "cpe:/a:microsoft:word:2016", "cpe:/a:microsoft:office_compatibility_pack:-", "cpe:/a:microsoft:office:2016"], "id": "CVE-2018-0950", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0950", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*", "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2018-04-11T07:17:20", "bulletinFamily": "software", "cvelist": ["CVE-2018-0950"], "description": "### Description\n\nMicrosoft Office is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft Office 2010 Service Pack 2 (32-bit editions) \n * Microsoft Office 2010 Service Pack 2 (64-bit editions) \n * Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition \n * Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition \n * Microsoft Office Compatibility Pack Service Pack 3 \n * Microsoft Word 2007 Service Pack 3 \n * Microsoft Word 2010 Service Pack 2 (32-bit editions) \n * Microsoft Word 2010 Service Pack 2 (64-bit editions) \n * Microsoft Word 2013 RT Service Pack 1 \n * Microsoft Word 2013 Service Pack 1 (32-bit editions) \n * Microsoft Word 2013 Service Pack 1 (64-bit editions) \n * Microsoft Word 2016 (32-bit edition) \n * Microsoft Word 2016 (64-bit edition) \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nWhen possible, run all software as a user with minimal privileges and limited access to system resources. Use additional precautions such as restrictive environments to insulate software that may potentially handle malicious content.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2018-04-10T00:00:00", "published": "2018-04-10T00:00:00", "id": "SMNTC-103642", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/103642", "type": "symantec", "title": "Microsoft Office CVE-2018-0950 Information Disclosure Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-06-08T23:06:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0950"], "description": "This host is missing an important security\n update according to Microsoft KB4018359", "modified": "2020-06-04T00:00:00", "published": "2018-04-11T00:00:00", "id": "OPENVAS:1361412562310812857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812857", "type": "openvas", "title": "Microsoft Word 2010 Service Pack 2 Information Disclosure Vulnerability (KB4018359)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Word 2010 Service Pack 2 Information Disclosure Vulnerability (KB4018359)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812857\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0950\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 08:50:08 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Microsoft Word 2010 Service Pack 2 Information Disclosure Vulnerability (KB4018359)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4018359\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to Office rendering Rich\n Text Format (RTF) email messages containing OLE objects when a message is opened\n or previewed.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to automatically initiate SMB session and to brute-force attack and disclose\n the hash password.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Word 2010 Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4018359\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Word/Version\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nexeVer = get_kb_item(\"SMB/Office/Word/Version\");\nif(!exeVer){\n exit(0);\n}\n\nexePath = get_kb_item(\"SMB/Office/Word/Install/Path\");\nif(!exePath){\n exePath = \"Unable to fetch the install path\";\n}\n\nif(exeVer =~ \"^(14\\.)\" && version_is_less(version:exeVer, test_version:\"14.0.7197.5000\"))\n{\n report = 'File checked: ' + exePath + \"winword.exe\" + '\\n' +\n 'File version: ' + exeVer + '\\n' +\n 'Vulnerable range: 14.0 - 14.0.7197.4999' + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-08T23:06:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0950"], "description": "This host is missing an important security\n update according to Microsoft KB4018355", "modified": "2020-06-04T00:00:00", "published": "2018-04-11T00:00:00", "id": "OPENVAS:1361412562310812858", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812858", "type": "openvas", "title": "Microsoft Word 2007 Service Pack 3 Information Disclosure Vulnerability (KB4018355)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Word 2007 Service Pack 3 Information Disclosure Vulnerability (KB4018355)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812858\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0950\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 08:51:42 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Microsoft Word 2007 Service Pack 3 Information Disclosure Vulnerability (KB4018355)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4018355\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error when Office\n renders Rich Text Format (RTF) email messages containing OLE objects when a\n message is opened or previewed.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain access to potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Word 2007 Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4018355\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Word/Version\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nexeVer = get_kb_item(\"SMB/Office/Word/Version\");\nif(!exeVer){\n exit(0);\n}\n\nexePath = get_kb_item(\"SMB/Office/Word/Install/Path\");\nif(!exePath){\n exePath = \"Unable to fetch the install path\";\n}\n\nif(exeVer =~ \"^(12\\.)\" && version_is_less(version:exeVer, test_version:\"12.0.6787.5000\"))\n{\n report = report_fixed_ver(file_checked:exePath + \"winword.exe\",\n file_version:exeVer, vulnerable_range:\"12.0 - 12.0.6787.4999\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-08T23:05:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0950"], "description": "This host is missing an important security\n update according to Microsoft KB4018339", "modified": "2020-06-04T00:00:00", "published": "2018-04-11T00:00:00", "id": "OPENVAS:1361412562310812855", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812855", "type": "openvas", "title": "Microsoft Word 2016 Information Disclosure Vulnerability (KB4018339)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Word 2016 Information Disclosure Vulnerability (KB4018339)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812855\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0950\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 08:41:50 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Microsoft Word 2016 Information Disclosure Vulnerability (KB4018339)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4018339\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists when Office renders Rich\n Text Format (RTF) email messages containing OLE objects when a message is\n opened or previewed.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to disclose sensitive information to a malicious site.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Word 2016.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4018339\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Word/Version\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nexeVer = get_kb_item(\"SMB/Office/Word/Version\");\nif(!exeVer){\n exit(0);\n}\n\nexePath = get_kb_item(\"SMB/Office/Word/Install/Path\");\nif(!exePath){\n exePath = \"Unable to fetch the install path\";\n}\n\nif(exeVer =~ \"^(16\\.)\" && version_is_less(version:exeVer, test_version:\"16.0.4678.1001\"))\n{\n report = 'File checked: ' + exePath + \"winword.exe\" + '\\n' +\n 'File version: ' + exeVer + '\\n' +\n 'Vulnerable range: 16.0 - 16.0.4678.1000' + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-08T23:06:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0950"], "description": "This host is missing an important security\n update according to Microsoft KB4018347", "modified": "2020-06-04T00:00:00", "published": "2018-04-11T00:00:00", "id": "OPENVAS:1361412562310812591", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812591", "type": "openvas", "title": "Microsoft Word 2013 Service Pack 1 Information Disclosure Vulnerability (KB4018347)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Word 2013 Service Pack 1 Information Disclosure Vulnerability (KB4018347)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812591\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0950\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 10:33:34 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Microsoft Word 2013 Service Pack 1 Information Disclosure Vulnerability (KB4018347)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4018347\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists when Office renders Rich\n Text Format (RTF) email messages containing OLE objects while a message is\n opened or previewed.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Word 2013 Service Pack 1.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4018347\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Word/Version\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nexeVer = get_kb_item(\"SMB/Office/Word/Version\");\nif(!exeVer){\n exit(0);\n}\n\nexePath = get_kb_item(\"SMB/Office/Word/Install/Path\");\nif(!exePath){\n exePath = \"Unable to fetch the install path\";\n}\n\nif(exeVer =~ \"^(15\\.)\" && version_is_less(version:exeVer, test_version:\"15.0.5023.1000\"))\n{\n report = report_fixed_ver(file_checked: exePath + \"winword.exe\",\n file_version:exeVer, vulnerable_range:\"15.0 - 15.0.5023.0999\");\n security_message(data:report);\n}\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-08T23:06:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0950"], "description": "This host is missing an important security\n update according to Microsoft KB4018354", "modified": "2020-06-04T00:00:00", "published": "2018-04-11T00:00:00", "id": "OPENVAS:1361412562310813134", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813134", "type": "openvas", "title": "Microsoft Office Compatibility Pack Service Pack 3 Information Disclosure Vulnerability (KB4018354)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Compatibility Pack Service Pack 3 Information Disclosure Vulnerability (KB4018354)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813134\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0950\");\n script_bugtraq_id(103642);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 14:42:32 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Microsoft Office Compatibility Pack Service Pack 3 Information Disclosure Vulnerability (KB4018354)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4018354\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to error when Office\n renders Rich Text Format (RTF) email messages containing OLE objects when\n a message is opened or previewed.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to potentially sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Compatibility Pack Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4018354\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/ComptPack/Version\", \"SMB/Office/WordCnv/Version\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\ncmpPckVer = get_kb_item(\"SMB/Office/ComptPack/Version\");\nif(cmpPckVer && cmpPckVer =~ \"^12\\.\")\n{\n os_arch = get_kb_item(\"SMB/Windows/Arch\");\n if(\"x86\" >< os_arch){\n key_list = make_list(\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\");\n }\n else if(\"x64\" >< os_arch){\n key_list = make_list(\"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\",\n \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\");\n }\n\n foreach key(key_list)\n {\n msPath = registry_get_sz(key:key, item:\"ProgramFilesDir\");\n if(msPath)\n {\n wordcnvVer = get_kb_item(\"SMB/Office/WordCnv/Version\");\n if(wordcnvVer && wordcnvVer =~ \"^12\\.\")\n {\n offpath = msPath + \"\\Microsoft Office\\Office12\";\n {\n sysVer = fetch_file_version(sysPath:offpath, file_name:\"wordcnv.dll\");\n if(sysVer && sysVer =~ \"^12\\.0\")\n {\n if(version_is_less(version:sysVer, test_version:\"12.0.6787.5000\"))\n {\n report = report_fixed_ver(file_checked:offpath + \"\\wordcnv.dll\",\n file_version:sysVer, vulnerable_range:\"12.0 - 12.0.6787.4999\");\n security_message(data:report);\n exit(0);\n }\n }\n }\n }\n }\n }\n}\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-08T23:05:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1030", "CVE-2018-1026", "CVE-2018-0950", "CVE-2018-1029"], "description": "This host is missing an important security\n update according to Microsoft Office Click-to-Run updates.", "modified": "2020-06-04T00:00:00", "published": "2018-04-12T00:00:00", "id": "OPENVAS:1361412562310813135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813135", "type": "openvas", "title": "Microsoft Office 2016 And Excel 2016 Click-to-Run (C2R) Multiple Vulnerabilities - Apr18", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office 2016 And Excel 2016 Click-to-Run (C2R) Multiple Vulnerabilities-Apr18\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813135\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0950\", \"CVE-2018-1026\", \"CVE-2018-1030\", \"CVE-2018-1029\");\n script_bugtraq_id(103620, 103613, 103620, 103617);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-12 11:54:08 +0530 (Thu, 12 Apr 2018)\");\n script_name(\"Microsoft Office 2016 And Excel 2016 Click-to-Run (C2R) Multiple Vulnerabilities - Apr18\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Office Click-to-Run updates.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to error in the\n office application when Office renders Rich Text Format (RTF) email messages\n containing OLE objects while a message is opened or previewed and when the\n office software fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to potentially sensitive information and execute arbitrary code\n in context of current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2016 and Microsoft Excel 2016 Click-to-Run.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to latest version of Microsoft Office\n 2016 Click-to-Run with respect to update channel used. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/office/mt465751\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_office_click2run_detect_win.nasl\");\n script_mandatory_keys(\"MS/Off/C2R/Ver\", \"MS/Office/C2R/UpdateChannel\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nofficeVer = get_kb_item(\"MS/Off/C2R/Ver\");\nif(!officeVer || officeVer !~ \"^16\\.\"){\n exit(0);\n}\n\nUpdateChannel = get_kb_item(\"MS/Office/C2R/UpdateChannel\");\nofficePath = get_kb_item(\"MS/Off/C2R/InstallPath\");\n\n##1803 (Build 9126.2152)\nif(UpdateChannel == \"Monthly Channel\")\n{\n if(version_is_less(version:officeVer, test_version:\"16.0.9126.2152\")){\n fix = \"1803 (Build 9126.2152)\";\n }\n}\n##1708 (Build 8431.2242)\nelse if(UpdateChannel == \"Semi-Annual Channel\")\n{\n if(version_is_less(version:officeVer, test_version:\"16.0.8431.2242\")){\n fix = \"1708 (Build 8431.2242)\";\n }\n}\n##1803 (Build 9126.2152)\nelse if(UpdateChannel == \"Semi-Annual Channel (Targeted)\")\n{\n if(version_is_less(version:officeVer, test_version:\"16.0.9126.2152)\")){\n fix = \"1803 (Build 9126.2152)\";\n }\n}\n##1705 (Build 8201.2272)\nelse if(UpdateChannel == \"Deferred Channel\")\n{\n if(version_is_less(version:officeVer, test_version:\"16.0.8201.2272\")){\n fix = \"1705 (Build 8201.2272)\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:officeVer, fixed_version:fix, install_path:officePath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2019-04-25T05:50:16", "bulletinFamily": "info", "cvelist": ["CVE-2018-0950"], "description": "A vulnerability in Microsoft Outlook allowed hackers to steal a user\u2019s Windows password just by having the target preview an email with a Rich Text Format (RTF) attachment that contained a remotely hosted OLE object.\n\nThe bug was patched by Microsoft as part of its [April Patch Tuesday fixes](<https://threatpost.com/microsoft-fixes-66-bugs-in-april-patch-tuesday-release/131127/>), over a year after it was first identified.\n\n\u201cBy convincing a user to preview an RTF email message with Microsoft Outlook, a remote, unauthenticated attacker may be able to obtain the victim\u2019s IP address, domain name, user name, host name, and password hash,\u201d according to [the CERT description](<https://www.kb.cert.org/vuls/id/974272>) of the vulnerability, found by Will Dormann, a researcher with the CERT Coordination Center.\n\nNext, Dormann was able to crack password hashes offline.\n\nThe vulnerability ([CVE-2018-0950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950>)) is tied to how Windows Object Linking and Embedding (OLE) Automation works in the context of .RTF files. OLE is a Windows protocol that enables applications to share data. For example, OLE allows an author of a document to embed content, such as images and sounds, from one program into Microsoft Office documents as objects.\n\nDormann\u2019s technique also used the Windows\u2019 Server Message Block (SMB) protocol. SMB allows a file on a remote server to be accessed in a similar way to how a file on a local drive can be accessed, he [wrote in a post outlining his research](<https://insights.sei.cmu.edu/cert/2018/04/automatically-stealing-password-hashes-with-microsoft-outlook-and-ole.html>).\n\nBecause Outlook includes the ability to send rich text (RTF) email messages, Dormann was able to insert an (RTF) object into the email message composed in Outloook. The object was hosted on a remote server.\n\n\u201cRTF documents (including email messages) can include OLE objects. Due to SMB, OLE objects can live on remote servers,\u201d Dormann wrote. \u201cWith a rich text email (RTF), the OLE object is loaded with no user interaction\u201d when the email recipient previews the message in Outlook.\n\nMicrosoft has long tried to prevent images from automatically loading in Outlook due to the privacy risk of web bugs. Web bugs are sometimes called tracking beacons and are used by email senders to collect recipient user metadata, such as the system\u2019s IP address and the time a missive is viewed.\n\nMicrosoft does not permit Word and HTML formatted Outlook messages to automatically display OLE or other content unless the user permits it. The loophole Dormann found is with RTF documents and metadata transmitted via the SMB channel.\n\nUsing the Wireshark, the free and open-source packet analyzer, the researcher was able to identify the victim\u2019s IP address, domain name, username and Microsoft LAN Manager (NTLMv2) password hash.\n\n\u201cA remote OLE object in a rich text email messages functions like a web bug on steroids,\u201d Dormann wrote.\n\nThe vulnerability exists because Outlook automatically renders OLE content and initiates an automatic authentication with the attacker\u2019s controlled remote server over SMB protocol using a single sign-on. That exposes the Windows password hash of the person logged into the PC.\n\nMicrosoft was notified of the vulnerability in November 2016 by Dormann, over a year ago.\n\nMicrosoft\u2019s patch ([CVE-2018-0950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950>)) prevents Outlook from automatically initiating SMB connections when an RTF email is previewed. But researchers at CERT suggest the fix could be better.\n\n\u201cNote that other techniques requiring additional user interaction will still function after this patch is installed. For example, if an email contains a UNC link, like \\\\\\attacker\\foo, Outlook will automatically make this link clickable. If a user clicks such a link, the impact will be the same as with this vulnerability,\u201d the CERT advisory warns.\n\nSuggested mitigation includes blocking Windows NT LAN Manager from single sign-on authentication and enforcing a policy of requiring users to adopt complex passwords resistant to cracking.\n", "modified": "2018-04-12T19:12:24", "published": "2018-04-12T19:12:24", "id": "THREATPOST:5385B36EBC1397DC1F0EE8F48E987451", "href": "https://threatpost.com/outlook-bug-allowed-hackers-to-use-rtf-files-to-steal-windows-passwords/131169/", "type": "threatpost", "title": "Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-05-06T22:06:54", "bulletinFamily": "info", "cvelist": ["CVE-2018-0950", "CVE-2019-1105"], "description": "Microsoft has patched a vulnerability in Microsoft Outlook for Android, which opens the door to cross-site scripting (XSS) attacks.\n\nThe software giant said that [CVE-2019-1105](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1105>), rated \u201cimportant,\u201d is a spoofing vulnerability that exists in the way Microsoft Outlook for Android software parses specifically crafted email messages.\n\n\u201cAn authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim,\u201d according to Microsoft\u2019s [Thursday advisory](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1105#ID0EGB>). \u201cThe attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nXSS attacks allow malicious scripts to be injected into otherwise benign and trusted websites. According to[ OWASP](<https://www.owasp.org/index.php/Cross-site_Scripting_\\(XSS\\)>), \u201cXSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.\u201d\n\nIn a typical case involving email, an attacker could send the target an email with a link containing malicious JavaScript.\n\n\u201cIf the victim clicks on the link, the HTTP request is initiated from the victim\u2019s browser and sent to the vulnerable web application,\u201d according to a [Veracode writeup](<https://www.veracode.com/security/xss>) on XSS. \u201cThe malicious JavaScript is then reflected back to the victim\u2019s browser, where it is executed in the context of the victim user\u2019s session.\u201d\n\nMicrosoft\u2019s security update addresses the vulnerability by ensuring that Outlook for Android now parses those specially crafted email messages correctly, it added. Users should update their applications as soon as possible.\n\nOutlook bugs are not uncommon. Last year, a vulnerability ([CVE-2018-0950](<https://threatpost.com/outlook-bug-allowed-hackers-to-use-rtf-files-to-steal-windows-passwords/131169/>)) in Microsoft Outlook was found that would allow hackers to steal a user\u2019s Windows password just by having the target preview an email with a Rich Text Format (RTF) attachment that contained a remotely hosted OLE object.\n\n\u201cBy convincing a user to preview an RTF email message with Microsoft Outlook, a remote, unauthenticated attacker may be able to obtain the victim\u2019s IP address, domain name, user name, host name, and password hash,\u201d according to the CERT description of the vulnerability, found by Will Dormann, a researcher with the CERT Coordination Center.\n", "modified": "2019-06-21T19:50:33", "published": "2019-06-21T19:50:33", "id": "THREATPOST:2DDB1918554F258230A7F9D56F220D8F", "href": "https://threatpost.com/microsoft-outlook-android-xss/145924/", "type": "threatpost", "title": "Microsoft Outlook for Android Open to XSS Attacks", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "thn": [{"lastseen": "2018-04-12T11:01:02", "bulletinFamily": "info", "cvelist": ["CVE-2018-0950"], "description": "[](<https://1.bp.blogspot.com/-m1JXuP_Xdbc/Ws8HZ5IFqmI/AAAAAAAAwM0/nZeGyQ5ZTq4_JEKb-n0C_mtMBksXwK3oACLcBGAs/s1600-e20/microsoft-outlook-hacking-smb-ntmlv2-hash.png>)\n\nA security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete [patch this month](<https://thehackernews.com/2018/04/windows-patch-updates.html>)\u2014almost 18 months after receiving the responsible disclosure report. \n \nThe Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users' Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without requiring any additional user interaction. \n \nThe vulnerability, [discovered](<https://insights.sei.cmu.edu/cert/2018/04/automatically-stealing-password-hashes-with-microsoft-outlook-and-ole.html>) by Will Dormann of the CERT Coordination Center (CERT/CC), resides in the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections. \n \nA remote attacker can exploit this vulnerability by sending an RTF email to a target victim, containing a remotely-hosted image file (OLE object), loading from the attacker-controlled SMB server. \n \nSince Microsoft Outlook automatically renders OLE content, it will initiate an automatic authentication with the attacker's controlled remote server over SMB protocol using single sign-on (SSO), handing over the victim's username and NTLMv2 hashed version of the password, potentially allowing the attacker to gain access to the victim's system. \n\n\n[](<https://1.bp.blogspot.com/-kfALvXpT2Yo/Ws8FxZaYIpI/AAAAAAAAwMY/saNyAMv4Si4kkh7OhwhXNaI5fggKvuRygCLcBGAs/s1600-e20/hack-smb-ntml-hash.png>)\n\n\"This may leak the user's IP address, domain name, username, hostname, and password hash. If the user's password is not complex enough, then an attacker may be able to crack the password in a short amount of time,\" the US-CERT [explains](<https://www.kb.cert.org/vuls/id/974272>). \n \nIf you are thinking, why would your Windows PC automatically hand over your credentials to the attacker's SMB server? \n\n\n[](<https://1.bp.blogspot.com/-10XNsHeum-g/Ws8FdYyyfUI/AAAAAAAAwMU/0xPJw5w9l3MMUX_XJuJy0kFTHY2Sg5fuQCLcBGAs/s1600-e20/smb-authentication.png>)\n\nThis is how authentication via the Server Message Block (SMB) protocol works in combination with the NTLM challenge/response authentication mechanism, as described in the following image. \n \nDormann reported the vulnerability to Microsoft in November 2016, and in an attempt to patch the issue, the company released an incomplete fix in its [April 2018 patch Tuesday update](<https://thehackernews.com/2018/04/windows-patch-updates.html>)\u2014that's almost 18 months of the reporting. \n \nThe security patch only prevents Outlook from automatically initiating SMB connections when it previews RTF emails, but the researcher noted that the fix does not prevent all SMB attacks. \n \n\"It is important to realize that even with this patch, a user is still a single click away from falling victim to the types of attacks described above,\" Dormann said. \"For example, if an email message has a UNC-style link that begins with \"\\\\\\\", clicking the link initiates an SMB connection to the specified server.\" \n\n\n[](<https://1.bp.blogspot.com/-OfmiDWzwR9s/Ws8GUXwBSSI/AAAAAAAAwMg/AkLbVIotvZoOgwyT8XTO0sEaqViL5r1nACLcBGAs/s1600-e20/SMB-hack-outlook.png>)\n\nIf you have already installed the latest [Microsoft patch update](<https://www.blogger.com/>), that's great, but attackers can still exploit this vulnerability. So, Windows users, especially network administrators at corporates, are advised to follow the below-mentioned steps to mitigate this vulnerability. \n\n\n * Apply the [Microsoft update for CVE-2018-0950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950>), if you have not yet.\n * Block specific ports (445/tcp, 137/tcp, 139/tcp, along with 137/udp and 139/udp) used for incoming and outgoing SMB sessions.\n * Block NT LAN Manager (NTLM) Single Sign-on (SSO) authentication.\n * Always use complex passwords, that cannot be cracked easily even if their hashes are stolen (you can use password managers to handle this task).\n * Most important, don't click on suspicious links provided in emails.\n", "modified": "2018-04-12T07:29:43", "published": "2018-04-11T20:29:00", "id": "THN:719D0FE398D686B47A0159195F110097", "href": "https://thehackernews.com/2018/04/outlook-smb-vulnerability.html", "type": "thn", "title": "Flaw in Microsoft Outlook Lets Hackers Easily Steal Your Windows Password", "cvss": {"score": 0.0, "vector": "NONE"}}], "mskb": [{"lastseen": "2021-01-01T22:39:15", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0950"], "description": "<html><body><p>Description of the security update for Word 2007: April 10, 2018</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0950</a>.<br/><br/><strong>Note</strong> To apply this security update, you must have the release version of <a href=\"http://support.microsoft.com/kb/949585\">Service Pack 3 for the 2007 Microsoft Office Suite</a> installed on the computer.</p></div><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4018355\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=def0d181-207b-4448-bc2c-6037043cbaed\" managed-link=\"\">Download security update 4018355 for the 32-bit version of Word 2007</a></li></ul><h2>More Information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a href=\"https://support.microsoft.com/en-us/help/20180410\">security update deployment information: April 10, 2018</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4011721\" managed-link=\"\" target=\"\">4011721</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>Package name</th><th>Package hash SHA 1</th><th>Package hash SHA 2</th></tr><tr><td>word2007-kb4018355-fullfile-x86-glb.exe</td><td>64F6846E3333DC709D432DE2D3735A3B248818B2</td><td>79E176ACF407094FBA5EF23CF54AFC736EC06260CED7873FE99B5910E766D726</td></tr></tbody></table><h3><br/>File information</h3><p>The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.</p><h4>For all supported x86-based versions of Word 2007</h4><table class=\"table\"><tbody><tr><th>File identifier</th><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th></tr><tr><td>winword.exe</td><td>winword.exe</td><td>12.0.6787.5000</td><td>419,008</td><td>25-Mar-2018</td><td>03:33</td></tr><tr><td>wwlib.dll</td><td>wwlib.dll</td><td>12.0.6787.5000</td><td>17,824,448</td><td>25-Mar-2018</td><td>03:33</td></tr></tbody></table><h2>How to get help and support for this security update</h2><p>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/ph/6527\" managed-link=\"\" target=\"\">Support for Microsoft Update</a></p><p>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"\">TechNet Security Troubleshooting and Support</a></p><p>Help for protecting your Windows-based computer from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"\">Virus Solution and Security Center</a></p><p>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"\">International Support</a></p><p><span><span>Propose a feature or provide feedback on Office: <a href=\"https://office.uservoice.com/\" target=\"_blank\">Office User Voice portal</a></span></span></p></body></html>", "edition": 3, "modified": "2020-04-16T09:11:11", "id": "KB4018355", "href": "https://support.microsoft.com/en-us/help/4018355/", "published": "2018-04-10T00:00:00", "title": "Description of the security update for Word 2007: April 10, 2018", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T22:47:49", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0950"], "description": "<html><body><p>Description of the security update for Word 2016: April 10, 2018.</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0950</a>.\u00a0<br/><br/><strong>Note</strong> To apply this security update, you must have the release version of Microsoft Word 2016 installed on the computer.</p><p>Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to the Office 2016 Click-to-Run editions, such as Microsoft Office 365 Home\u00a0(see\u00a0<a href=\"https://blogs.technet.microsoft.com/office_integration__sharepoint/2016/06/23/determining-your-office-version-msi-vs-c2r/\" tabindex=\"0\" target=\"_blank\">Determining your Office version</a>).</p></div><h2>Improvements and fixes</h2><p>This security update contains improvements and fixes for the following nonsecurity issues:</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li>When you view text\u00a0in a reply or forward email that uses an automatic signature on an iOS device, the font color of the reply text\u00a0is incorrect.</li><li>The end position of a bookmark is synced incorrectly during a co-authoring operation in Word 2016.</li><li>When you set the numeral shapes for Arabic text to Hindi numbers and then save a Word document that has Arabic text as a PDF file, the numbers in the Word document are\u00a0incorrectly displayed as Arabic in the PDF file.</li><li>When you edit documents that are stored in an attachment field in\u00a0a Microsoft Access database and then save the documents, you are unexpectedly prompted to \"Save as.\"</li><li>If a Word document that contains OLE or OCX controls is embedded as an OLE object in another application, the controls appear in the\u00a0wrong place when you scroll the document.</li><li>Improves performance for bookmark deletion by using programmatic method, such as deleting bookmarks through macros, VBA, and C#.</li><li>If the Windows system language is set to a complex script language, such as Thai, when you print a Word document that contains bullets, the bullets are printed incorrectly.</li><li>When you save a document in Word 2016 after you install <a data-content-id=\"4011730\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">KB 4011730</a>, Word crashes.</li></ul><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4018339\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=bb18a0d7-d0e4-4d55-946b-a54e998567e7\" managed-link=\"\">Download the security update KB4018339 for the 32-bit version of Word 2016</a></li><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=10ae22bb-c5a5-44d4-bc6a-eda33b417fcf\" managed-link=\"\">Download the security update KB4018339 for the 64-bit version of Word 2016</a></li></ul><h2>More Information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a href=\"https://support.microsoft.com/en-us/help/20180410\">security update deployment information: April 10, 2018</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4011730\" managed-link=\"\" target=\"_blank\">KB 4011730</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>Package name</th><th>Package hash SHA 1</th><th>Package hash SHA 2</th></tr><tr><td>word2016-kb4018339-fullfile-x86-glb.exe</td><td>C380C4C8F2A7D947CBE69A1386C34671F15C7D80</td><td>D23DFBF02461E1D3EEF4EDE3035C7B095E5CDB30CB5BFAC63E851C1225DA9712</td></tr><tr><td>word2016-kb4018339-fullfile-x64-glb.exe</td><td>9072E37E15ED23049781E47AC0120ECA82C2939B</td><td>415E363B32A0761C449CAB4C8EFABB9398A2C95888AC977E9A0A36DC1A54EAD8</td></tr></tbody></table><h3><br/>File information</h3><p>The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.</p><h4><strong>For all supported x86-based versions of Word 2016</strong></h4><table class=\"table\"><tbody><tr><th>File identifier</th><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th></tr><tr><td>wwintl.dll_1025</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>821416</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1026</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>818856</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1029</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>874656</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1030</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>806056</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1031</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>885928</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1032</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>876200</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_3082</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>845472</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1061</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>769192</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1035</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>816296</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1036</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>881824</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1037</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>759976</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1081</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>863400</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1050</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>828584</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1038</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>884392</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1057</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>777384</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1040</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>836768</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1041</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>788128</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1087</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>878760</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1042</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>781480</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1063</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>835240</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1062</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>822440</td><td>22-Mar-18</td><td>12:37</td></tr><tr><td>wwintl.dll_1086</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>780968</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1044</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>794792</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1043</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>834216</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1045</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>850600</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1046</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>851624</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_2070</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>859304</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1048</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>894632</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1049</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>807592</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1051</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>889504</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1060</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>819360</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_2074</td><td>wwintl.dll</td><td>16.0.4660.1000</td><td>815784</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_9242</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>815784</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1053</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>801440</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1054</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>823456</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1055</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>879784</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1058</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>818336</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1066</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>911008</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_2052</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>694952</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>wwintl.dll_1028</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>704168</td><td>22-Mar-18</td><td>12:38</td></tr><tr><td>pdfreflow.exe</td><td>pdfreflow.exe</td><td>16.0.4660.1000</td><td>10302656</td><td>21-Mar-18</td><td>12:11</td></tr><tr><td>wwintl.dll_1033</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>698536</td><td>21-Mar-18</td><td>12:10</td></tr><tr><td>winword.exe</td><td>winword.exe</td><td>16.0.4678.1001</td><td>1936040</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wrd12cnv.dll</td><td>wordcnv.dll</td><td>16.0.4678.1000</td><td>9163432</td><td>21-Mar-18</td><td>12:11</td></tr><tr><td>wwlib.dll</td><td>wwlib.dll</td><td>16.0.4678.1001</td><td>29587112</td><td>22-Mar-18</td><td>02:56</td></tr></tbody></table><h4><br/><br/><strong>For all supported x64-based versions of Word 2016</strong></h4><table class=\"table\"><tbody><tr><th>File identifier</th><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th></tr><tr><td>calligra.dll</td><td>calligra.dll</td><td>16.0.4528.1000</td><td>338688</td><td>22-Mar-18</td><td>12:54</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1025</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>942760</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1025</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>942760</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1026</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>897704</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1026</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>897704</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1029</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>953512</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1029</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>953512</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1030</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>884904</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1030</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>884904</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1031</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>965288</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1031</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>965288</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1032</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>955048</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1032</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>955048</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_3082</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>924840</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wwintl.dll_3082</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>924840</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1061</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>848040</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wwintl.dll_1061</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>848040</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1035</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>895144</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wwintl.dll_1035</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>895144</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1036</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>960680</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1036</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>960680</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1037</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>881320</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1037</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>881320</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1081</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>942248</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1081</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>942248</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1050</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>907432</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wwintl.dll_1050</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>907432</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1038</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>963240</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1038</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>963240</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1057</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>856232</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wwintl.dll_1057</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>856232</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1040</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>915624</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wwintl.dll_1040</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>915624</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wac.word.wwintl.dll_1041</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>866984</td><td>\u00a0</td><td>\u00a0</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1041</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>866984</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1041</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>866984</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1087</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>957608</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1087</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>957608</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1042</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>860320</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1042</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>860320</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1063</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>914088</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1063</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>914088</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1062</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>901288</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1062</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>901288</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1086</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>859816</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wwintl.dll_1086</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>859816</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1044</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>873640</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wwintl.dll_1044</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>873640</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1043</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>913064</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wwintl.dll_1043</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>913064</td><td>22-Mar-18</td><td>02:55</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1045</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>929448</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1045</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>929448</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1046</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>930472</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1046</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>930472</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_2070</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>938152</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_2070</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>938152</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1048</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>973480</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1048</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>973480</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1049</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>886440</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1049</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>886440</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1051</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>968360</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1051</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>968360</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1060</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>898216</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1060</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>898216</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_2074</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>894632</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_2074</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>894632</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wac.word.wwintl.dll_9242</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>895144</td><td>\u00a0</td><td>\u00a0</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_9242</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>895144</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_9242</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>895144</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1053</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>880296</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1053</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>880296</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1054</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>902312</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1054</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>902312</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1055</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>959144</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1055</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>959144</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1058</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>897192</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1058</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>897192</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1066</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>989864</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1066</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>989864</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_2052</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>774304</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_2052</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>774304</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1028</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>783016</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>wwintl.dll_1028</td><td>wwintl.dll</td><td>16.0.4678.1001</td><td>783016</td><td>22-Mar-18</td><td>02:56</td></tr><tr><td>pdfreflow.exe</td><td>pdfreflow.exe</td><td>16.0.4660.1000</td><td>15916224</td><td>21-Mar-18</td><td>12:14</td></tr><tr><td>wac.word.wwintl.dll_1033</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>778408</td><td>\u00a0</td><td>\u00a0</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1033</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>778408</td><td>21-Mar-18</td><td>12:09</td></tr><tr><td>wwintl.dll_1033</td><td>wwintl.dll</td><td>16.0.4666.1000</td><td>778408</td><td>21-Mar-18</td><td>12:09</td></tr><tr><td>winword.exe</td><td>winword.exe</td><td>16.0.4678.1001</td><td>1939112</td><td>22-Mar-18</td><td>02:57</td></tr><tr><td>wrd12cnv.dll</td><td>wordcnv.dll</td><td>16.0.4678.1000</td><td>11864744</td><td>21-Mar-18</td><td>12:14</td></tr><tr><td>wwlib.dll</td><td>wwlib.dll</td><td>16.0.4678.1001</td><td>37199528</td><td>22-Mar-18</td><td>02:57</td></tr></tbody></table><h2>How to get help and support for this security update</h2><p>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/ph/6527\" managed-link=\"\" target=\"\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"\">International Support</a></p><p>Propose a feature or provide feedback on Office Core:\u00a0<a aria-live=\"rude\" bookmark-id=\"\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://office.uservoice.com/\" managed-link=\"\" tabindex=\"0\" target=\"_self\">Office User Voice portal</a></p></body></html>", "edition": 11, "modified": "2020-04-16T08:56:40", "id": "KB4018339", "href": "https://support.microsoft.com/en-us/help/4018339/", "published": "2018-04-10T00:00:00", "title": "Description of the security update for Word 2016: April 10, 2018", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T22:45:22", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0950"], "description": "<html><body><p>Description of the security update for Word 2010: April 10, 2018</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0950</a>.<br/><br/><strong>Note</strong> To apply this security update, you must have the release version of <a data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/2687455\" target=\"_blank\">Service Pack 2 for Office 2010</a> installed on the computer.</p><main role=\"main\"><article itemscope=\"\" itemtype=\"http://schema.org/TechArticle\" role=\"article\"><section applies-to-saps=\"\" data-grid=\"col-12\" ng-attr-id=\"{{contentSection.meta.id}}\" ng-class=\"{'internal-content': isInternalSection() }\" ng-if=\"typeof(contentSection) !== 'string'\"><p>Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2010. It doesn't apply to the Office 2010 Click-to-Run editions, such as Microsoft Office 365 Home. (<a href=\"https://blogs.technet.microsoft.com/office_integration__sharepoint/2016/06/23/determining-your-office-version-msi-vs-c2r/\" tabindex=\"0\" target=\"_blank\">Determining your Office version</a>)</p></section></article></main></div><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4018359\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=03f4f40a-2fda-4592-a2b4-d67796e30dcd\" managed-link=\"\">Download\u00a0security update 4018359 for the 32-bit version of Word 2010</a></li><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=342a1e75-d442-4db0-bc11-a23cf2a761d0\" managed-link=\"\">Download security update 4018359 for the 64-bit version of Word 2010</a></li></ul><h2>More Information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a href=\"https://support.microsoft.com/en-us/help/20180410\">security update deployment information: April 10, 2018</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4011674\" managed-link=\"\" target=\"\">4011674</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>Package name</th><th>Package hash SHA 1</th><th>Package hash SHA 2</th></tr><tr><td>word2010-kb4018359-fullfile-x86-glb.exe</td><td>C975616FC3C483A366BF088334461650729F1E93</td><td>DECAE55B8DFD5BBFFA91BDEDCE4DEDD01D6C495C5B8E66025F86BCB76A246B11</td></tr><tr><td>word2010-kb4018359-fullfile-x64-glb.exe</td><td>C89184EC67386D246D5A3DD0DAFBF6ADD5BD8975</td><td>C07D3775C76D4D4AB17D79FE72EB89CFC35D895CC68631B23231B4A2CB3C1A36</td></tr></tbody></table><h3><br/>File information</h3><p>The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.</p><h4>For all supported x86-based versions of Word 2010</h4><table class=\"table\"><tbody><tr><th>File identifier</th><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th></tr><tr><td>msword.olb</td><td>msword.olb</td><td>14.0.7162.5000</td><td>902,304</td><td>14-Oct-2015</td><td>04:59</td></tr><tr><td>winword.exe</td><td>winword.exe</td><td>14.0.7197.5000</td><td>1,432,224</td><td>25-Mar-2018</td><td>11:06</td></tr><tr><td>wordicon.exe</td><td>wordicon.exe</td><td>14.0.7120.5000</td><td>1,859,240</td><td>05-Mar-2014</td><td>06:06</td></tr><tr><td>wrd12cnv.dll</td><td>wordcnv.dll</td><td>14.0.7197.5000</td><td>5,484,200</td><td>25-Mar-2018</td><td>11:07</td></tr><tr><td>wwlib.dll</td><td>wwlib.dll</td><td>14.0.7197.5000</td><td>19,397,288</td><td>25-Mar-2018</td><td>11:06</td></tr></tbody></table><h4>For all supported x64-based versions of Word 2010</h4><table class=\"table\"><tbody><tr><th>File identifier</th><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th></tr><tr><td>msword.olb</td><td>msword.olb</td><td>14.0.7162.5000</td><td>902,304</td><td>14-Oct-2015</td><td>05:03</td></tr><tr><td>winword.exe</td><td>winword.exe</td><td>14.0.7197.5000</td><td>1,433,256</td><td>25-Mar-2018</td><td>11:07</td></tr><tr><td>wordicon.exe</td><td>wordicon.exe</td><td>14.0.7120.5000</td><td>1,859,240</td><td>05-Mar-2014</td><td>06:06</td></tr><tr><td>wrd12cnv.dll</td><td>wordcnv.dll</td><td>14.0.7197.5000</td><td>6,840,488</td><td>25-Mar-2018</td><td>11:06</td></tr><tr><td>wwlib.dll</td><td>wwlib.dll</td><td>14.0.7197.5000</td><td>24,535,720</td><td>25-Mar-2018</td><td>11:07</td></tr></tbody></table><h2>How to get help and support for this security update</h2><p>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/ph/6527\" managed-link=\"\" target=\"\">Support for Microsoft Update</a></p><p>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"\">TechNet Security Troubleshooting and Support</a></p><p>Help for protecting your Windows-based computer from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"\">Virus Solution and Security Center</a></p><p>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"\">International Support</a></p><p><span><span>Propose a feature or provide feedback on Office: <a href=\"https://office.uservoice.com/\" target=\"_blank\">Office User Voice portal</a></span></span></p></body></html>", "edition": 11, "modified": "2020-04-16T09:11:09", "id": "KB4018359", "href": "https://support.microsoft.com/en-us/help/4018359/", "published": "2018-04-10T00:00:00", "title": "Description of the security update for Word 2010: April 10, 2018", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T22:44:01", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0950"], "description": "<html><body><p>Description of the security update for Word 2013: April 10, 2018.</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see\u00a0Microsoft Common Vulnerabilities and Exposures\u00a0<a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950\" target=\"_blank\">CVE-2018-0950</a>.\u00a0\u00a0<br/><br/><strong>Note</strong> To apply this security update, you must have the release version of <a href=\"http://support.microsoft.com/kb/2817430\">Service Pack 1 for Microsoft Office 2013</a> installed on the computer.</p><p>Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2013. It doesn't apply to the Office 2013 Click-to-Run editions, such as Microsoft Office 365 Home\u00a0(see\u00a0<a href=\"https://blogs.technet.microsoft.com/office_integration__sharepoint/2016/06/23/determining-your-office-version-msi-vs-c2r/\" tabindex=\"0\" target=\"_blank\">Determining your Office version</a>).</p></div><h2>Improvements and fixes</h2><p>This security update contains improvements and fixes for the following nonsecurity issues:</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li>Improves general performance of Microsoft Word 2013.</li><li>Improves performance for bookmark deletion by using programmatic methods, such as deleting bookmarks through macros, VBA, and C#.</li><li>The end position of a bookmark is synced incorrectly during co-authoring operation in Word 2013.</li><li>If a Word document that contains OLE or OCX controls is embedded as an OLE object in another application, the controls appear in the\u00a0wrong place when you scroll the document.</li></ul><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4018347\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=697b6fd0-1cd7-4e88-b376-5de6a8c256c3\" managed-link=\"\">Download the security update KB 4018347 for the 32-bit version of Word 2013</a></li><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=974a638e-9a56-49e9-8bbe-0f9b41371e01\" managed-link=\"\">Download the security update KB 4018347 for the 64-bit version of Word 2013</a></li></ul><h2>More Information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a href=\"https://support.microsoft.com/en-us/help/20180410\">security update deployment information: April 10, 2018</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4011685\" managed-link=\"\" target=\"_blank\">KB 4011695</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>Package name</th><th>Package hash SHA 1</th><th>Package hash SHA 2</th></tr><tr><td>word2013-kb4018347-fullfile-x86-glb.exe</td><td>EA6137D3D81A0E759FBE5E31DCD7574760DCAC8D</td><td>DC62D4FF9BF36CF4371D89955C6E48C8ADDF58A0457CE8BA3EA73670534C347F</td></tr><tr><td>word2013-kb4018347-fullfile-x64-glb.exe</td><td>FA72D5383B2433001AB647E8317877A248BADD75</td><td>B8111DEA0825AEFF755343E8FEEC90BDFE13317D7383B8CDCF19AC9E266700E7</td></tr></tbody></table><h3><br/>File information</h3><p>The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.</p><h4>For all supported x86-based versions of Word 2013</h4><table class=\"table\"><tbody><tr><th>File identifier</th><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th></tr><tr><td>calligra.dll</td><td>calligra.dll</td><td>15.0.4545.1000</td><td>279752</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>bibform.xml_1025</td><td>bibform.xml</td><td>\u00a0</td><td>106100</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1025</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>947384</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll_1026</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>997560</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>bibform.xml_1029</td><td>bibform.xml</td><td>\u00a0</td><td>112512</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1029</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>1065656</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll_1030</td><td>wwintl.dll</td><td>15.0.4937.1000</td><td>905912</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>bibform.xml_1031</td><td>bibform.xml</td><td>\u00a0</td><td>114240</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1031</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>993976</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>bibform.xml_1032</td><td>bibform.xml</td><td>\u00a0</td><td>114340</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1032</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>1132216</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>bibform.xml_3082</td><td>bibform.xml</td><td>\u00a0</td><td>114930</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_3082</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>941240</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll_1061</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>922296</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll_1035</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>925368</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>bibform.xml_1036</td><td>bibform.xml</td><td>\u00a0</td><td>114844</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1036</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>1049784</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>bibform.xml_1037</td><td>bibform.xml</td><td>\u00a0</td><td>106424</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1037</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>937656</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll_1081</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>966840</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll_1050</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>947384</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>bibform.xml_1038</td><td>bibform.xml</td><td>\u00a0</td><td>112560</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1038</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>1086136</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll_1057</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>867000</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>bibform.xml_1040</td><td>bibform.xml</td><td>\u00a0</td><td>112426</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1040</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>947896</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>bibform.xml_1041</td><td>bibform.xml</td><td>\u00a0</td><td>97202</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1041</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>1004728</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll_1087</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>1025208</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>bibform.xml_1042</td><td>bibform.xml</td><td>\u00a0</td><td>97630</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1042</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>1004216</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_1063</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>1006264</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>bibform.xml_1062</td><td>bibform.xml</td><td>\u00a0</td><td>114514</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>wwintl.dll_1062</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>982200</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_1086</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>870584</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_1044</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>914616</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>bibform.xml_1043</td><td>bibform.xml</td><td>\u00a0</td><td>113208</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>wwintl.dll_1043</td><td>wwintl.dll</td><td>15.0.4945.1000</td><td>932536</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_1045</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>1044152</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>bibform.xml_1046</td><td>bibform.xml</td><td>\u00a0</td><td>111828</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>wwintl.dll_1046</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>949944</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_2070</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>963256</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_1048</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>1085112</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>bibform.xml_1049</td><td>bibform.xml</td><td>\u00a0</td><td>112712</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>wwintl.dll_1049</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>970424</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>bibform.xml_1051</td><td>bibform.xml</td><td>\u00a0</td><td>111034</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>wwintl.dll_1051</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>1083576</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_1060</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>970936</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_2074</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>1003192</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_1053</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>913080</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_1054</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>933048</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_1055</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>1041080</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll_1058</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>977080</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>bibform.xml_1066</td><td>bibform.xml</td><td>\u00a0</td><td>113620</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>wwintl.dll_1066</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>1072824</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>bibform.xml_2052</td><td>bibform.xml</td><td>\u00a0</td><td>96830</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>wwintl.dll_2052</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>823480</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>bibform.xml_1028</td><td>bibform.xml</td><td>\u00a0</td><td>96804</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>wwintl.dll_1028</td><td>wwintl.dll</td><td>15.0.4885.1000</td><td>837304</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>document_parts.dot_1025</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3633666</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1026</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3637449</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1029</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3618985</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1030</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3608062</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1031</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3603386</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1032</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3653167</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_3082</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3612006</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1061</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3604130</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1035</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3603428</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1036</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3619560</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1037</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3629591</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1081</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3644334</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1050</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3607442</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1038</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3604785</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1057</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3609041</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1040</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3599032</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1041</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3636899</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1087</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3634700</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1042</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3628333</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1063</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3622044</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1062</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3611384</td><td>14-Mar-18</td><td>10:35</td></tr><tr><td>document_parts.dot_1086</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3604931</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1044</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3608018</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1043</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3601853</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1045</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3609394</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1046</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3617732</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_2070</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3613701</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1048</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3617400</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1049</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3646588</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1051</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3613567</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1060</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3604721</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_2074</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3617809</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1053</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3609521</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1054</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3653990</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1055</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3607036</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1058</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3649803</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1066</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3631479</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_2052</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3615970</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>document_parts.dot_1028</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3627311</td><td>14-Mar-18</td><td>10:36</td></tr><tr><td>wordicon.exe</td><td>wordicon.exe</td><td>15.0.4553.1000</td><td>3015336</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>pdfreflow.exe</td><td>pdfreflow.exe</td><td>15.0.4997.1000</td><td>9611968</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wwintl.dll.idx_dll_1025</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117440</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1025</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>526016</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1026</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1026</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>533696</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1029</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1029</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>630976</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1030</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114368</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1030</td><td>wwintl.rest.idx_dll</td><td>15.0.4937.1000</td><td>620736</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1031</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115904</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1031</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>624832</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1032</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115904</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1032</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>528064</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1033</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117504</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wwintl.rest.idx_dll_1033</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1501</td><td>628424</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wwintl.dll.idx_dll_3082</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115392</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_3082</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>630464</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1061</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1061</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>528064</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1035</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117440</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1035</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>621224</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1036</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115392</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1036</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>628416</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1037</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1037</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>520360</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1081</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115904</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1081</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>524480</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1050</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>118976</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1050</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>625832</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1038</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116416</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1038</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>623808</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1057</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1057</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>531136</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1040</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114880</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1040</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>620712</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1041</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115400</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1041</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>496296</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1087</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>113344</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.rest.idx_dll_1087</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>525504</td><td>14-Mar-18</td><td>10:16</td></tr><tr><td>wwintl.dll.idx_dll_1042</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>113344</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1042</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>511680</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1063</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117440</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1063</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>522408</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1062</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>118976</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1062</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>532672</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1086</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1086</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>530112</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1044</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114880</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1044</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>614056</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1043</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114880</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1043</td><td>wwintl.rest.idx_dll</td><td>15.0.4945.1000</td><td>625856</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1045</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117952</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1045</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>528064</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1046</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>118464</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1046</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>637120</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_2070</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>118464</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_2070</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>637632</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1048</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117440</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1048</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>618664</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1049</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115904</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1049</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>514728</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1051</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117440</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1051</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>631488</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1060</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1060</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>612520</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_2074</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117952</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_2074</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>522408</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1053</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114368</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1053</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>621760</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1054</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114880</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1054</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>519872</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1055</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117952</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1055</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>625320</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1058</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1058</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>533184</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1066</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117960</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1066</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>527528</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_2052</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116416</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_2052</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>517312</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.dll.idx_dll_1028</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114368</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>wwintl.rest.idx_dll_1028</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>516800</td><td>14-Mar-18</td><td>10:17</td></tr><tr><td>winword.veman.xml</td><td>winword.visualelementsmanifest.xml</td><td>\u00a0</td><td>342</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>winword.veman.xml</td><td>winwordd.visualelementsmanifest.xml</td><td>\u00a0</td><td>342</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>bibform.xml_1033</td><td>bibform.xml</td><td>\u00a0</td><td>111310</td><td>14-Mar-18</td><td>08:21</td></tr><tr><td>wwintl.dll_1033</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>794808</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>msword.olb</td><td>msword.olb</td><td>\u00a0</td><td>924832</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>winword.exe</td><td>winword.exe</td><td>15.0.5023.1000</td><td>1931944</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wrd12cnv.dll</td><td>wordcnv.dll</td><td>15.0.5023.1000</td><td>6335144</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wrd12pxy.cnv</td><td>wordcnvpxy.cnv</td><td>\u00a0</td><td>25168</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wrd12exe.exe</td><td>wordconv.exe</td><td>15.0.4454.1000</td><td>22096</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wwlib.dll</td><td>wwlib.dll</td><td>15.0.5023.1000</td><td>21840552</td><td>14-Mar-18</td><td>08:19</td></tr></tbody></table><h4>For all supported x64-based versions of Word 2013</h4><table class=\"table\"><tbody><tr><th>File identifier</th><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th></tr><tr><td>calligra.dll</td><td>calligra.dll</td><td>15.0.4545.1000</td><td>328392</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>bibform.xml_1025</td><td>bibform.xml</td><td>\u00a0</td><td>106100</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>wac.word.wwintl.dll_1025</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1068712</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1025</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1068712</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1025</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1068712</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1026</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1076896</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1026</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1076896</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1026</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1076896</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1029</td><td>bibform.xml</td><td>\u00a0</td><td>112512</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>wac.word.wwintl.dll_1029</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1144992</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1029</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1144992</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1029</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1144992</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1030</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>985256</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1030</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>985256</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1030</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>985256</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1031</td><td>bibform.xml</td><td>\u00a0</td><td>114240</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>wac.word.wwintl.dll_1031</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1073320</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1031</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1073320</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1031</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1073320</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1032</td><td>bibform.xml</td><td>\u00a0</td><td>114340</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>wac.word.wwintl.dll_1032</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1211560</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1032</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1211560</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1032</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1211560</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_3082</td><td>bibform.xml</td><td>\u00a0</td><td>114930</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>wac.word.wwintl.dll_3082</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1020584</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_3082</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1020584</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_3082</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1020584</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1061</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1001640</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1061</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1001640</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1061</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1001640</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1035</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1004712</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1035</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1004712</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1035</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1004712</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1036</td><td>bibform.xml</td><td>\u00a0</td><td>114844</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>wac.word.wwintl.dll_1036</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1129128</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1036</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1129128</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1036</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1129128</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1037</td><td>bibform.xml</td><td>\u00a0</td><td>106424</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>wac.word.wwintl.dll_1037</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1058984</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1037</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1058984</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1037</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1058984</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1081</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1046184</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1081</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1046184</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1081</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1046184</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1050</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1026728</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1050</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1026728</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1050</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1026728</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1038</td><td>bibform.xml</td><td>\u00a0</td><td>112560</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>wac.word.wwintl.dll_1038</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1165480</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1038</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1165480</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1038</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1165480</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1057</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>946344</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1057</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>946344</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1057</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>946344</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1040</td><td>bibform.xml</td><td>\u00a0</td><td>112426</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>wac.word.wwintl.dll_1040</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1027240</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1040</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1027240</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1040</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1027240</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1041</td><td>bibform.xml</td><td>\u00a0</td><td>97202</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>wac.word.wwintl.dll_1041</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1084072</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1041</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1084072</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1041</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1084072</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1087</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1104544</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1087</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1104544</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1087</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1104544</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1042</td><td>bibform.xml</td><td>\u00a0</td><td>97630</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>wac.word.wwintl.dll_1042</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1083560</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1042</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1083560</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1042</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1083560</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1063</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1085608</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1063</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1085608</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1063</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1085608</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1062</td><td>bibform.xml</td><td>\u00a0</td><td>114514</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>wac.word.wwintl.dll_1062</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1061544</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1062</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1061544</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1062</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1061544</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1086</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>949928</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1086</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>949928</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1086</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>949928</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1044</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>994472</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1044</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>994472</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1044</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>994472</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1043</td><td>bibform.xml</td><td>\u00a0</td><td>113208</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>wac.word.wwintl.dll_1043</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1011880</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1043</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1011880</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1043</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1011880</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1045</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1123496</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1045</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1123496</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1045</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1123496</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1046</td><td>bibform.xml</td><td>\u00a0</td><td>111828</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>wac.word.wwintl.dll_1046</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1029288</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1046</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1029288</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1046</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1029288</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_2070</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1042600</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_2070</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1042600</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_2070</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1042600</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1048</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1164456</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1048</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1164456</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1048</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1164456</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1049</td><td>bibform.xml</td><td>\u00a0</td><td>112712</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>wac.word.wwintl.dll_1049</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1049768</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1049</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1049768</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1049</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1049768</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1051</td><td>bibform.xml</td><td>\u00a0</td><td>111034</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>wac.word.wwintl.dll_1051</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1162920</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1051</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1162920</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1051</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1162920</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1060</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1050280</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1060</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1050280</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1060</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1050280</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_2074</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1083048</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_2074</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1083048</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_2074</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1083048</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1053</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>992424</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1053</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>992424</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1053</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>992424</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1054</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1012904</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1054</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1012904</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1054</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1012904</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1055</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1120424</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1055</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1120424</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1055</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1120424</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wac.word.wwintl.dll_1058</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1056424</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1058</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1056424</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1058</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1056424</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1066</td><td>bibform.xml</td><td>\u00a0</td><td>113620</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>wac.word.wwintl.dll_1066</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1152680</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1066</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1152680</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1066</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>1152680</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_2052</td><td>bibform.xml</td><td>\u00a0</td><td>96830</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>wac.word.wwintl.dll_2052</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>902824</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_2052</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>902824</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_2052</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>902824</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>bibform.xml_1028</td><td>bibform.xml</td><td>\u00a0</td><td>96804</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>wac.word.wwintl.dll_1028</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>916648</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1028</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>916648</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>wwintl.dll_1028</td><td>wwintl.dll</td><td>15.0.5023.1000</td><td>916648</td><td>14-Mar-18</td><td>10:22</td></tr><tr><td>document_parts.dot_1025</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3633666</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>document_parts.dot_1026</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3637449</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>document_parts.dot_1029</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3618985</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>document_parts.dot_1030</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3608062</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>document_parts.dot_1031</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3603386</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>document_parts.dot_1032</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3653167</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>document_parts.dot_3082</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3612006</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>document_parts.dot_1061</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3604130</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>document_parts.dot_1035</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3603428</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>document_parts.dot_1036</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3619560</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>document_parts.dot_1037</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3629591</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>document_parts.dot_1081</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3644334</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>document_parts.dot_1050</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3607442</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>document_parts.dot_1038</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3604785</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>document_parts.dot_1057</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3609041</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>document_parts.dot_1040</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3599032</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>document_parts.dot_1041</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3636899</td><td>14-Mar-18</td><td>10:57</td></tr><tr><td>document_parts.dot_1087</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3634700</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>document_parts.dot_1042</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3628333</td><td>14-Mar-18</td><td>10:58</td></tr><tr><td>document_parts.dot_1063</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3622044</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1062</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3611384</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1086</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3604931</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1044</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3608018</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1043</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3601853</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1045</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3609394</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1046</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3617732</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_2070</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3613701</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1048</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3617400</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1049</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3646588</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1051</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3613567</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1060</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3604721</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_2074</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3617809</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1053</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3609521</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1054</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3653990</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1055</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3607036</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1058</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3649803</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1066</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3631479</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_2052</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3615970</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>document_parts.dot_1028</td><td>built-in building blocks.dotx</td><td>\u00a0</td><td>3627311</td><td>14-Mar-18</td><td>10:59</td></tr><tr><td>wordicon.exe</td><td>wordicon.exe</td><td>15.0.4553.1000</td><td>3015336</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>pdfreflow.exe</td><td>pdfreflow.exe</td><td>15.0.4997.1000</td><td>14038712</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wwintl.dll.idx_dll_1025</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117440</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1025</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>526016</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1026</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1026</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>533696</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1029</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1029</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>630976</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1030</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114368</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1030</td><td>wwintl.rest.idx_dll</td><td>15.0.4937.1000</td><td>620736</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1031</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115904</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1031</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>624832</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1032</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115912</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1032</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>528064</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1033</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117504</td><td>14-Mar-18</td><td>08:20</td></tr><tr><td>wwintl.rest.idx_dll_1033</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1501</td><td>628424</td><td>14-Mar-18</td><td>08:20</td></tr><tr><td>wwintl.dll.idx_dll_3082</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115392</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_3082</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>630464</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1061</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1061</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>528064</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1035</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117440</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1035</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>621224</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1036</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115392</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1036</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>628416</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1037</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1037</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>520360</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1081</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115904</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1081</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>524480</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1050</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>118984</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1050</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>625832</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1038</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116416</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1038</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>623808</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1057</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1057</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>531136</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1040</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114880</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1040</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>620712</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1041</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115392</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1041</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>496296</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1087</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>113352</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1087</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>525504</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1042</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>113344</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1042</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>511680</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1063</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117440</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1063</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>522408</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1062</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>118976</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1062</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>532672</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1086</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1086</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>530112</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1044</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114880</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1044</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>614056</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1043</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114888</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1043</td><td>wwintl.rest.idx_dll</td><td>15.0.4945.1000</td><td>625864</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1045</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117952</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1045</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>528064</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1046</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>118464</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1046</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>637120</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_2070</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>118464</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_2070</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>637632</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1048</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117440</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1048</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>618664</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1049</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>115904</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1049</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>514728</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1051</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117448</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1051</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>631488</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1060</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1060</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>612520</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_2074</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117952</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_2074</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>522408</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1053</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114368</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1053</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>621760</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1054</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114880</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1054</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>519872</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1055</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117952</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1055</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>625320</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1058</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116928</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1058</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>533184</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1066</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>117952</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1066</td><td>wwintl.rest.idx_dll</td><td>15.0.4569.1504</td><td>527528</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_2052</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>116416</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_2052</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>517312</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.dll.idx_dll_1028</td><td>wwintl.dll.idx_dll</td><td>15.0.4875.1000</td><td>114368</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>wwintl.rest.idx_dll_1028</td><td>wwintl.rest.idx_dll</td><td>15.0.4885.1000</td><td>516800</td><td>14-Mar-18</td><td>10:37</td></tr><tr><td>winword.veman.xml</td><td>winword.visualelementsmanifest.xml</td><td>\u00a0</td><td>342</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>winword.veman.xml</td><td>winwordd.visualelementsmanifest.xml</td><td>\u00a0</td><td>342</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>bibform.xml_1033</td><td>bibform.xml</td><td>\u00a0</td><td>111310</td><td>14-Mar-18</td><td>08:21</td></tr><tr><td>wac.word.wwintl.dll_1033</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>874688</td><td>14-Mar-18</td><td>08:20</td></tr><tr><td>wdsrv.conversion.word.wwintl.dll_1033</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>874688</td><td>14-Mar-18</td><td>08:20</td></tr><tr><td>wwintl.dll_1033</td><td>wwintl.dll</td><td>15.0.4875.1000</td><td>874688</td><td>14-Mar-18</td><td>08:20</td></tr><tr><td>msword.olb</td><td>msword.olb</td><td>\u00a0</td><td>925344</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>winword.exe</td><td>winword.exe</td><td>15.0.5023.1000</td><td>1933992</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wrd12cnv.dll</td><td>wordcnv.dll</td><td>15.0.5023.1000</td><td>8320680</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wrd12pxy.cnv</td><td>wordcnvpxy.cnv</td><td>\u00a0</td><td>30784</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wrd12exe.exe</td><td>wordconv.exe</td><td>15.0.4454.1000</td><td>26192</td><td>14-Mar-18</td><td>08:19</td></tr><tr><td>wwlib.dll</td><td>wwlib.dll</td><td>15.0.5023.1000</td><td>27952296</td><td>14-Mar-18</td><td>08:19</td></tr></tbody></table><h2>How to get help and support for this security update</h2><p class=\"ng-scope\"><span><span><span><span>Help for installing updates: <a aria-live=\"rude\" bookmark-id=\"\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/ph/6527\" managed-link=\"\" target=\"_self\"><span><span><span>Windows Update: FAQ</span></span></span></a><br/><br/>Security solutions for IT professionals: <a aria-live=\"rude\" bookmark-id=\"\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"_self\"><span><span><span>Security Support and Troubleshooting</span></span></span></a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a aria-live=\"rude\" bookmark-id=\"\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"_self\"><span><span><span>Microsoft Secure</span></span></span></a><br/><br/>Local support according to your country: <a aria-live=\"rude\" bookmark-id=\"\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/\" managed-link=\"\" target=\"_self\"><span><span><span>International Support</span></span></span></a></span></span></span></span></p><p>Propose a feature or provide feedback on Office Core:\u00a0<a aria-live=\"rude\" bookmark-id=\"\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://office.uservoice.com/\" managed-link=\"\" tabindex=\"0\" target=\"_self\">Office User Voice portal</a></p></body></html>", "edition": 12, "modified": "2020-04-16T08:56:36", "id": "KB4018347", "href": "https://support.microsoft.com/en-us/help/4018347/", "published": "2018-04-10T00:00:00", "title": "Description of the security update for Word 2013: April 10, 2018", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T22:41:41", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0950"], "description": "<html><body><p>Description of the security update for Office 2010: April 10, 2018</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0950</a>.<br/><br/><strong>Note</strong> To apply this security update, you must have the release version of <a data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/2687455\" target=\"_blank\">Service Pack 2 for Office 2010</a> installed on the computer.</p><main role=\"main\"><article itemscope=\"\" itemtype=\"http://schema.org/TechArticle\" role=\"article\"><section applies-to-saps=\"\" data-grid=\"col-12\" ng-attr-id=\"{{contentSection.meta.id}}\" ng-class=\"{'internal-content': isInternalSection() }\" ng-if=\"typeof(contentSection) !== 'string'\"><p>Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2010. It doesn't apply to the Office 2010 Click-to-Run editions, such as Microsoft Office 365 Home. (<a href=\"https://blogs.technet.microsoft.com/office_integration__sharepoint/2016/06/23/determining-your-office-version-msi-vs-c2r/\" tabindex=\"0\" target=\"_blank\">Determining your Office version</a>)</p></section></article></main></div><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4018357\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=08789693-0ff3-49c0-be08-169bbffa1d59\" managed-link=\"\">Download security update 4018357 for the 32-bit version of Office 2010</a></li><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=e32b4aa2-4f4f-46e6-b80d-a9bfb224e576\" managed-link=\"\">Download security update 4018357 for the 64-bit version of Office 2010</a></li></ul><h2>More Information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a href=\"https://support.microsoft.com/en-us/help/20180410\">security update deployment information: April 10, 2018</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4011673\" managed-link=\"\" target=\"\">4011673</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>Package name</th><th>Package hash SHA 1</th><th>Package hash SHA 2</th></tr><tr><td>kb24286772010-kb4018357-fullfile-x86-glb.exe</td><td>B0ABBF080260B470852284E06FF6AC6C21FCC2AD</td><td>1EED7651F670B911B6FA0F4FC09B95F17DF722D1FC2C1D63A082C2D75295CAD7</td></tr><tr><td>kb24286772010-kb4018357-fullfile-x64-glb.exe</td><td>5E33D9DF421386E2811BE2EEC6F35931232C4F99</td><td>76A771A7EF905A614305C74F836A76EAC774AB509170832A350704E6A7C3A36E</td></tr></tbody></table><h3><br/>File information</h3><p>The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.</p><h4>For all supported x86-based versions of Office 2010</h4><table class=\"table\"><tbody><tr><th>File identifier</th><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th></tr><tr><td>wwlibcxm.dll</td><td>wwlibcxm.dll</td><td>14.0.7197.5000</td><td>19,048,104</td><td>17-Mar-2018</td><td>09:29</td></tr></tbody></table><h4>For all supported x64-based versions of Office 2010</h4><table class=\"table\"><tbody><tr><th>File identifier</th><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th></tr><tr><td>wwlibcxm.dll</td><td>wwlibcxm.dll</td><td>14.0.7197.5000</td><td>24,537,768</td><td>17-Mar-2018</td><td>09:26</td></tr></tbody></table><h2>How to get help and support for this security update</h2><p>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/ph/6527\" managed-link=\"\" target=\"\">Support for Microsoft Update</a></p><p>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"\">TechNet Security Troubleshooting and Support</a></p><p>Help for protecting your Windows-based computer from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"\">Virus Solution and Security Center</a></p><p>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"\">International Support</a></p><p><span><span>Propose a feature or provide feedback on Office: <a href=\"https://office.uservoice.com/\" target=\"_blank\">Office User Voice portal</a></span></span></p></body></html>", "edition": 11, "modified": "2020-04-16T09:11:10", "id": "KB4018357", "href": "https://support.microsoft.com/en-us/help/4018357/", "published": "2018-04-10T00:00:00", "title": "Description of the security update for Office 2010: April 10, 2018", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T22:39:56", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0950"], "description": "<html><body><p>Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: April 10, 2018</p><h2>Summary</h2><div><p>This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950\" target=\"_blank\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0950</a>.<br/><br/><strong>Note</strong> To apply this security update, you must have the release version of <a data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/949585\" target=\"_blank\">Service Pack 3 for the 2007 Microsoft Office Suite</a> installed on the computer.</p></div><h2>How to get and install the update</h2><h3>Method 1: Microsoft Update</h3><p>This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update: FAQ</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the stand-alone package for this update, go to the <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=KB4018354\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a> website.</p><h3>Method 3: Microsoft Download Center</h3><p>You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.</p><ul linespacing=\"1\" style=\"list-style-type:UnorderedBullets\" type=\"UnorderedBullets\"><li><span asset=\"4009805\" contenteditable=\"false\" props='{\"size\":\"full\"}' unselectable=\"on\">4009805</span><a bookmark-id=\"\" data-content-id=\"\" href=\"http://www.microsoft.com/download/details.aspx?familyid=c6fd1491-d0f0-4667-be62-a37b3f7069c7\" managed-link=\"\">Download\u00a0security update 4018354 for the 32-bit version of Microsoft Office Compatibility Pack Service Pack 3</a></li></ul><h2>More Information</h2><h3>Security update deployment information</h3><p>For deployment information about this update, see <a href=\"https://support.microsoft.com/en-us/help/20180410\">security update deployment information: April 10, 2018</a>.</p><h3>Security update replacement information</h3><p>This security update replaces previously released security update <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4011720\" managed-link=\"\" target=\"\">4011720</a>.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>Package name</th><th>Package hash SHA 1</th><th>Package hash SHA 2</th></tr><tr><td>wordconv2007-kb4018354-fullfile-x86-glb.exe</td><td>B199B9DBD9F55DB9C56DA2471BEAF38146D5D8AB</td><td>90533284362193E1D1A6491B4E9405953220A1B5FCD8D282D00E6D26E2C81293</td></tr></tbody></table><h3><br/>File information</h3><p>The English version of this security update has the file attributes (or later file attributes) that are listed in the following table.</p><h4>For all supported x86-based versions of Microsoft Office Compatibility Pack Service Pack 3</h4><table class=\"table\"><tbody><tr><th>File identifier</th><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th></tr><tr><td>wrd12cnv.dll</td><td>wordcnv.dll</td><td>12.0.6787.5000</td><td>4,695,744</td><td>24-Mar-2018</td><td>01:53</td></tr></tbody></table><h2>How to get help and support for this security update</h2><p>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/ph/6527\" managed-link=\"\" target=\"\">Support for Microsoft Update</a></p><p>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"\">TechNet Security Troubleshooting and Support</a></p><p>Help for protecting your Windows-based computer from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"\">Virus Solution and Security Center</a></p><p>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"\">International Support</a></p><p><span><span>Propose a feature or provide feedback on Office: <a href=\"https://office.uservoice.com/\" target=\"_blank\">Office User Voice portal</a></span></span></p></body></html>", "edition": 4, "modified": "2020-04-16T09:11:10", "id": "KB4018354", "href": "https://support.microsoft.com/en-us/help/4018354/", "published": "2018-04-10T00:00:00", "title": "Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: April 10, 2018", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-01T05:44:31", "description": "The Microsoft Word Products are missing security updates. It is,\ntherefore, affected by an information disclosure vulnerability when\nOffice renders Rich Text Format (RTF) email messages containing OLE\nobjects when a message is opened or previewed. This vulnerability\ncould potentially result in the disclosure of sensitive information\nto a malicious site.\n\nThe security update addresses the vulnerability by correcting how\nOffice processes OLE objects.", "edition": 26, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2018-04-10T00:00:00", "title": "Security Updates for Microsoft Word Products (April 2018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0950"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:microsoft:word"], "id": "SMB_NT_MS18_APR_WORD.NASL", "href": "https://www.tenable.com/plugins/nessus/108976", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108976);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-0950\");\n script_xref(name:\"MSKB\", value:\"4018339\");\n script_xref(name:\"MSKB\", value:\"4018355\");\n script_xref(name:\"MSKB\", value:\"4018347\");\n script_xref(name:\"MSKB\", value:\"4018359\");\n script_xref(name:\"MSFT\", value:\"MS18-4018339\");\n script_xref(name:\"MSFT\", value:\"MS18-4018355\");\n script_xref(name:\"MSFT\", value:\"MS18-4018347\");\n script_xref(name:\"MSFT\", value:\"MS18-4018359\");\n\n script_name(english:\"Security Updates for Microsoft Word Products (April 2018)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Word Products are affected by an information disclosure\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Word Products are missing security updates. It is,\ntherefore, affected by an information disclosure vulnerability when\nOffice renders Rich Text Format (RTF) email messages containing OLE\nobjects when a message is opened or previewed. This vulnerability\ncould potentially result in the disclosure of sensitive information\nto a malicious site.\n\nThe security update addresses the vulnerability by correcting how\nOffice processes OLE objects.\");\n # https://support.microsoft.com/en-us/help/4018355/description-of-the-security-update-for-word-2007-april-10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e9236b3d\");\n # https://support.microsoft.com/en-us/help/4018359/description-of-the-security-update-for-word-2010-april-10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ca11752e\");\n # https://support.microsoft.com/en-us/help/4018347/description-of-the-security-update-for-word-2013-april-10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1213962f\");\n # https://support.microsoft.com/en-us/help/4018339/description-of-the-security-update-for-word-2016-april-10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?124b2a7c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n -KB4018339\n -KB4018355\n -KB4018347\n -KB4018359\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0950\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-04\";\nkbs = make_list(\n '4018355', # Word 2007 SP3\n '4018359', # Word 2010 SP2\n '4018347', # Word 2013 SP1\n '4018339' # Word 2016\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\n######################################################################\n# Word 2007, 2010, 2013, 2016\n######################################################################\nfunction perform_word_checks()\n{\n local_var word_checks, kb16;\n\n kb16 = \"4018339\";\n word_checks = make_array(\n \"12.0\", make_array(\"sp\", 3, \"version\", \"12.0.6787.5000\", \"kb\", \"4018355\"),\n \"14.0\", make_array(\"sp\", 2, \"version\", \"14.0.7197.5000\", \"kb\", \"4018359\"),\n \"15.0\", make_array(\"sp\", 1, \"version\", \"15.0.5023.1000\", \"kb\", \"4018347\"),\n \"16.0\", make_nested_list(\n make_array(\"sp\", 0, \"version\", \"16.0.4666.1000\", \"channel\", \"MSI\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.8431.2242\", \"channel\", \"Deferred\", \"channel_version\", \"1708\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.8201.2272\", \"channel\", \"Deferred\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.9126.2152\", \"channel\", \"First Release for Deferred\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.9126.2152\", \"channel\", \"Current\", \"kb\", kb16)\n )\n );\n if (hotfix_check_office_product(product:\"Word\", checks:word_checks, bulletin:bulletin))\n vuln = TRUE;\n}\n\n######################################################################\n# MAIN\n######################################################################\nperform_word_checks();\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T05:44:30", "description": "The Microsoft Office Compatibility Products are missing\nsecurity updates. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An information disclosure vulnerability exists when\n Office renders Rich Text Format (RTF) email messages\n containing OLE objects when a message is opened or\n previewed. This vulnerability could potentially result\n in the disclosure of sensitive information to a\n malicious site. (CVE-2018-0950)\n\n - A remote code execution vulnerability exists in\n Microsoft Excel software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-1027, CVE-2018-1029)", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-04-10T00:00:00", "title": "Security Updates for Microsoft Office Compatibility Products (April 2018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0950", "CVE-2018-1027", "CVE-2018-1029"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:microsoft:office_compatibility_pack"], "id": "SMB_NT_MS18_APR_OFFICE_COMPATIBILITY.NASL", "href": "https://www.tenable.com/plugins/nessus/108973", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108973);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-0950\", \"CVE-2018-1027\", \"CVE-2018-1029\");\n script_xref(name:\"MSKB\", value:\"4011717\");\n script_xref(name:\"MSKB\", value:\"4018354\");\n script_xref(name:\"MSFT\", value:\"MS18-4011717\");\n script_xref(name:\"MSFT\", value:\"MS18-4018354\");\n\n script_name(english:\"Security Updates for Microsoft Office Compatibility Products (April 2018)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Compatibility Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Compatibility Products are missing\nsecurity updates. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An information disclosure vulnerability exists when\n Office renders Rich Text Format (RTF) email messages\n containing OLE objects when a message is opened or\n previewed. This vulnerability could potentially result\n in the disclosure of sensitive information to a\n malicious site. (CVE-2018-0950)\n\n - A remote code execution vulnerability exists in\n Microsoft Excel software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-1027, CVE-2018-1029)\");\n # https://support.microsoft.com/en-us/help/4011717/description-of-the-security-update-for-microsoft-office-compatibility\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?263974b3\");\n # https://support.microsoft.com/en-us/help/4018354/description-of-the-security-update-for-microsoft-office-compatibility\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?53533848\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4011717\n -KB4018354\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1029\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_compatibility_pack\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-04\";\nkbs = make_list('4011717', '4018354');\n\nvuln = FALSE;\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\n####################################################################\n# Office Compatibility Pack\n####################################################################\ninstalls = get_kb_list(\"SMB/Office/WordCnv/*/ProductPath\");\n\nforeach install (keys(installs))\n{\n path = installs[install];\n path = ereg_replace(pattern:'^(.+)\\\\\\\\[^\\\\\\\\]+\\\\.exe$', replace:\"\\1\\\", string:path, icase:TRUE);\n\n kb = \"4011717\";\n file = \"excelcnv.exe\";\n version = \"12.0.6787.5000\";\n min_version = \"12.0.0.0\";\n product = \"Microsoft Office Compatibility Pack\";\n if (hotfix_check_fversion(path:path, file:file, version:version, kb:kb, bulletin:bulletin, min_version:min_version, product:product) == HCF_OLDER)\n vuln = TRUE;\n\n kb = \"4018354\";\n file = \"wordcnv.dll\";\n version = \"12.0.6787.5000\";\n min_version = \"12.0.0.0\";\n product = \"Microsoft Office Compatibility Pack\";\n if (hotfix_check_fversion(path:path, file:file, version:version, kb:kb, bulletin:bulletin, min_version:min_version, product:product) == HCF_OLDER)\n vuln = TRUE;\n}\n\nif(vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:44:30", "description": "The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Microsoft Office improperly discloses the contents of\n its memory. An attacker who exploited the vulnerability\n could use the information to compromise the users\n computer or data. (CVE-2018-1007)\n\n - An information disclosure vulnerability exists when\n Office renders Rich Text Format (RTF) email messages\n containing OLE objects when a message is opened or\n previewed. This vulnerability could potentially result\n in the disclosure of sensitive information to a\n malicious site. (CVE-2018-0950)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-1026, CVE-2018-1030)\n\n - A remote code execution vulnerability exists when the\n Office graphics component improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-1028)", "edition": 27, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-04-10T00:00:00", "title": "Security Updates for Microsoft Office Products (April 2018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1030", "CVE-2018-1007", "CVE-2018-1028", "CVE-2018-1026", "CVE-2018-0950"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "SMB_NT_MS18_APR_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/108972", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108972);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-0950\",\n \"CVE-2018-1007\",\n \"CVE-2018-1026\",\n \"CVE-2018-1028\",\n \"CVE-2018-1030\"\n );\n script_xref(name:\"MSKB\", value:\"4018357\");\n script_xref(name:\"MSKB\", value:\"4011628\");\n script_xref(name:\"MSKB\", value:\"4018330\");\n script_xref(name:\"MSKB\", value:\"4018319\");\n script_xref(name:\"MSKB\", value:\"4018288\");\n script_xref(name:\"MSKB\", value:\"4018328\");\n script_xref(name:\"MSKB\", value:\"4018311\");\n script_xref(name:\"MSFT\", value:\"MS18-4018357\");\n script_xref(name:\"MSFT\", value:\"MS18-4011628\");\n script_xref(name:\"MSFT\", value:\"MS18-4018330\");\n script_xref(name:\"MSFT\", value:\"MS18-4018319\");\n script_xref(name:\"MSFT\", value:\"MS18-4018288\");\n script_xref(name:\"MSFT\", value:\"MS18-4018328\");\n script_xref(name:\"MSFT\", value:\"MS18-4018311\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (April 2018)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Microsoft Office improperly discloses the contents of\n its memory. An attacker who exploited the vulnerability\n could use the information to compromise the users\n computer or data. (CVE-2018-1007)\n\n - An information disclosure vulnerability exists when\n Office renders Rich Text Format (RTF) email messages\n containing OLE objects when a message is opened or\n previewed. This vulnerability could potentially result\n in the disclosure of sensitive information to a\n malicious site. (CVE-2018-0950)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2018-1026, CVE-2018-1030)\n\n - A remote code execution vulnerability exists when the\n Office graphics component improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2018-1028)\");\n # https://support.microsoft.com/en-us/help/4018357/description-of-the-security-update-for-office-2010-april-10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?786de97b\");\n # https://support.microsoft.com/en-us/help/4011628/description-of-the-security-update-for-office-2016-april-10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3540c129\");\n # https://support.microsoft.com/en-us/help/4018330/description-of-the-security-update-for-office-2013-april-10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c321eb8\");\n # https://support.microsoft.com/en-us/help/4018319/descriptionofthesecurityupdateforoffice2016april10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?33c07dfa\");\n # https://support.microsoft.com/en-us/help/4018288/description-of-the-security-update-for-office-2013-april-10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?89cc14f2\");\n # https://support.microsoft.com/en-us/help/4018328/description-of-the-security-update-for-office-2016-april-10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b34b25dc\");\n # https://support.microsoft.com/en-us/help/4018311/description-of-the-security-update-for-office-2010-april-10-2018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?011d8a4a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4018357\n -KB4011628\n -KB4018330\n -KB4018319\n -KB4018288\n -KB4018328\n -KB4018311\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-04\";\nkbs = make_list(\n '4018357', # Office 2010 SP2\n '4018311', # Office 2010 SP2\n '4018288', # Office 2013 SP1\n '4018330', # Office 2013 SP1\n '4011628', # Office 2016\n '4018319', # Office 2016\n '4018328' # Office 2016\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\n######################################################################\n# Office 2007, 2010, 2013, 2016\n######################################################################\nfunction perform_office_checks()\n{\n local_var office_vers, office_sp, common_path, path, prod, file, kb, c2r_file;\n office_vers = hotfix_check_office_version();\n\n ####################################################################\n # Office 2010 SP2 Checks\n # wwlibcxm.dll only exists if KB2428677 is installed\n ####################################################################\n if (office_vers[\"14.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 2)\n {\n prod = \"Microsoft Office 2010 SP2\";\n\n path = hotfix_get_officeprogramfilesdir(officever:\"14.0\");\n if (hotfix_check_fversion(file:\"wwlibcxm.dll\", version:\"14.0.7197.5000\", path:path, kb:\"4018357\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officecommonfilesdir(officever:\"14.0\");\n path = hotfix_append_path(\n path : path,\n value : \"Microsoft Shared\\Office14\"\n );\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"14.0.7197.5000\", path:path, kb:\"4018311\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n }\n\n ####################################################################\n # Office 2013 SP1 Checks\n ####################################################################\n if (office_vers[\"15.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2013/SP\");\n if (!isnull(office_sp) && office_sp == 1)\n {\n prod = \"Microsoft Office 2013 SP1\";\n\n path = hotfix_get_officeprogramfilesdir(officever:\"15.0\");\n path = hotfix_append_path(\n path : path,\n value : \"Microsoft Office\\Office15\"\n );\n if (hotfix_check_fversion(file:\"igx.dll\", version:\"15.0.5015.1000\", path:path, kb:\"4018288\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officecommonfilesdir(officever:\"15.0\");\n path = hotfix_append_path(\n path : path,\n value : \"Microsoft Shared\\Office15\"\n );\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"15.0.5023.1000\", path:path, kb:\"4018330\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n }\n\n ####################################################################\n # Office 2016 Checks\n ####################################################################\n if (office_vers[\"16.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2016/SP\");\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod = \"Microsoft Office 2016\";\n\n path = hotfix_get_officeprogramfilesdir(officever:\"16.0\");\n path = hotfix_append_path(\n path : path,\n value : \"Microsoft Office\\root\\Office16\"\n );\n kb = \"4011628\";\n file = \"igx.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4666.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"16.0\");\n path = hotfix_append_path(\n path : path,\n value : \"Microsoft Office\\root\\Office16\"\n );\n file = \"chart.dll\";\n kb = \"4018319\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4678.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2272\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2242\", channel:\"Deferred\", channel_version:\"1708\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.9126.2152\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.9126.2152\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n path = hotfix_get_officecommonfilesdir(officever:\"16.0\");\n path = hotfix_append_path(\n path : path,\n value : \"Microsoft Shared\\OFFICE16\"\n );\n file = \"mso.dll\";\n kb = \"4018328\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4678.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n }\n }\n}\n\n######################################################################\n# MAIN\n######################################################################\nperform_office_checks();\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T12:00:42", "bulletinFamily": "info", "cvelist": ["CVE-2018-0920", "CVE-2018-1014", "CVE-2018-1030", "CVE-2018-1011", "CVE-2018-1007", "CVE-2018-1028", "CVE-2018-1026", "CVE-2018-1034", "CVE-2018-0950", "CVE-2018-1005", "CVE-2018-1032", "CVE-2018-1027", "CVE-2018-1029"], "description": "### *Detect date*:\n04/10/2018\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information and execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Excel 2010 Service Pack 2 \nMicrosoft Office 2016 \nMicrosoft Excel 2013 Service Pack 1 \nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft Office 2013 Service Pack 1 \nMicrosoft Office 2016 Click-to-Run \nMicrosoft SharePoint Server 2010 Service Pack 2 \nMicrosoft Excel 2016 Click-to-Run \nMicrosoft Excel 2007 Service Pack 3 \nMicrosoft Excel 2010 Service Pack 2 \nMicrosoft Excel 2016 \nMicrosoft Excel Viewer 2007 Service Pack 3 \nMicrosoft Office Compatibility Pack Service Pack 3 \nMicrosoft Office 2016 for Mac \nMicrosoft Office 2010 Service Pack 2 \nMicrosoft Word 2007 Service Pack 3 \nMicrosoft Word 2010 Service Pack 2 \nMicrosoft Word 2013 Service Pack 1 \nMicrosoft Word 2016 \nWord Automation Services\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-1028](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028>) \n[CVE-2018-0950](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950>) \n[CVE-2018-1014](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1014>) \n[CVE-2018-1034](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1034>) \n[CVE-2018-1027](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027>) \n[CVE-2018-1029](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029>) \n[CVE-2018-1032](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1032>) \n[CVE-2018-1030](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1030>) \n[CVE-2018-1026](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1026>) \n[CVE-2018-1005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1005>) \n[CVE-2018-1011](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1011>) \n[CVE-2018-1007](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1007>) \n[CVE-2018-0920](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0920>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats](<https://threats.kaspersky.com/en/product/Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats/>)\n\n### *CVE-IDS*:\n[CVE-2018-1028](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1028>)9.3Critical \n[CVE-2018-0950](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0950>)4.3Warning \n[CVE-2018-1014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1014>)4.9Warning \n[CVE-2018-1034](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1034>)3.5Warning \n[CVE-2018-1027](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1027>)9.3Critical \n[CVE-2018-1029](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1029>)9.3Critical \n[CVE-2018-1032](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1032>)3.5Warning \n[CVE-2018-1030](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1030>)9.3Critical \n[CVE-2018-1026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1026>)9.3Critical \n[CVE-2018-1005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1005>)3.5Warning \n[CVE-2018-1011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1011>)9.3Critical \n[CVE-2018-1007](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1007>)2.6Warning \n[CVE-2018-0920](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0920>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4018355](<http://support.microsoft.com/kb/4018355>) \n[4018311](<http://support.microsoft.com/kb/4018311>) \n[4018357](<http://support.microsoft.com/kb/4018357>) \n[4018344](<http://support.microsoft.com/kb/4018344>) \n[4018341](<http://support.microsoft.com/kb/4018341>) \n[4018350](<http://support.microsoft.com/kb/4018350>) \n[4018354](<http://support.microsoft.com/kb/4018354>) \n[4018360](<http://support.microsoft.com/kb/4018360>) \n[4018362](<http://support.microsoft.com/kb/4018362>) \n[4018319](<http://support.microsoft.com/kb/4018319>) \n[4011628](<http://support.microsoft.com/kb/4011628>) \n[4018342](<http://support.microsoft.com/kb/4018342>) \n[4011586](<http://support.microsoft.com/kb/4011586>) \n[4011717](<http://support.microsoft.com/kb/4011717>) \n[4018337](<http://support.microsoft.com/kb/4018337>) \n[4011719](<http://support.microsoft.com/kb/4011719>) \n[4018339](<http://support.microsoft.com/kb/4018339>) \n[4018328](<http://support.microsoft.com/kb/4018328>) \n[4018356](<http://support.microsoft.com/kb/4018356>) \n[4011712](<http://support.microsoft.com/kb/4011712>) \n[4018359](<http://support.microsoft.com/kb/4018359>) \n[4018347](<http://support.microsoft.com/kb/4018347>) \n[4018353](<http://support.microsoft.com/kb/4018353>) \n[4018343](<http://support.microsoft.com/kb/4018343>) \n[4018336](<http://support.microsoft.com/kb/4018336>) \n[4018288](<http://support.microsoft.com/kb/4018288>) \n[4018330](<http://support.microsoft.com/kb/4018330>)", "edition": 35, "modified": "2020-05-22T00:00:00", "published": "2018-04-10T00:00:00", "id": "KLA11225", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11225", "title": "\r KLA11225Multiple vulnerabilities in Microsoft Office ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2018-05-15T09:08:43", "bulletinFamily": "blog", "cvelist": ["CVE-2018-0870", "CVE-2018-0887", "CVE-2018-0890", "CVE-2018-0892", "CVE-2018-0920", "CVE-2018-0950", "CVE-2018-0956", "CVE-2018-0957", "CVE-2018-0959", "CVE-2018-0960", "CVE-2018-0963", "CVE-2018-0964", "CVE-2018-0966", "CVE-2018-0967", "CVE-2018-0968", "CVE-2018-0969", "CVE-2018-0970", "CVE-2018-0971", "CVE-2018-0972", "CVE-2018-0973", "CVE-2018-0974", "CVE-2018-0975", "CVE-2018-0976", "CVE-2018-0979", "CVE-2018-0980", "CVE-2018-0981", "CVE-2018-0986", "CVE-2018-0987", "CVE-2018-0988", "CVE-2018-0989", "CVE-2018-0990", "CVE-2018-0991", "CVE-2018-0993", "CVE-2018-0994", "CVE-2018-0995", "CVE-2018-0996", "CVE-2018-0997", "CVE-2018-0998", "CVE-2018-1000", "CVE-2018-1001", "CVE-2018-1003", "CVE-2018-1004", "CVE-2018-1005", "CVE-2018-1008", "CVE-2018-1009", "CVE-2018-1010", "CVE-2018-1011", "CVE-2018-1012", "CVE-2018-1013", "CVE-2018-1014", "CVE-2018-1015", "CVE-2018-1016", "CVE-2018-1018", "CVE-2018-1019", "CVE-2018-1020", "CVE-2018-1023", "CVE-2018-1026", "CVE-2018-1027", "CVE-2018-1028", "CVE-2018-1029", "CVE-2018-1030", "CVE-2018-1032", "CVE-2018-1034"], "description": "## Microsoft Patch Tuesday - April 2018\n\n \nToday, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 65 new vulnerabilities and one advisory, with 25 of them rated critical, 39 of them rated important and one of them rated moderate. These vulnerabilities impact Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Windows kernel, Windows Hyper-V, Microsoft Scripting Engine and more. \n \nIn addition, an update for Adobe Flash Player was released. \n \n \n \n\n\n### Critical Vulnerabilities\n\n \nThis month, Microsoft is addressing 25 vulnerabilities that are rated \"critical\". \n \nThe vulnerabilities rated as \"critical\" are listed below: \n \n[CVE-2018-0870 - Internet Explorer Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0870>) \n[CVE-2018-0959 - Hyper-V Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0959>) \n[CVE-2018-0979 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0979>) \n[CVE-2018-0980 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0980>) \n[CVE-2018-0981 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0981>) \n[CVE-2018-0986 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986>) \n[CVE-2018-0988 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0988>) \n[CVE-2018-0990 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0990>) \n[CVE-2018-0991 - Internet Explorer Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0991>) \n[CVE-2018-0993 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0993>) \n[CVE-2018-0994 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0994>) \n[CVE-2018-0995 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0995>) \n[CVE-2018-0996 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0996>) \n[CVE-2018-1000 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1000>) \n[CVE-2018-1004 - Windows VBScript Engine Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1004>) \n[CVE-2018-1010 - Microsoft Graphics Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1010>) \n[CVE-2018-1012 - Microsoft Graphics Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1012>) \n[CVE-2018-1013 - Microsoft Graphics Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1013>) \n[CVE-2018-1015 - Microsoft Graphics Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1015>) \n[CVE-2018-1016 - Microsoft Graphics Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1016>) \n[CVE-2018-1018 - Internet Explorer Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1018>) \n[CVE-2018-1019 - Chakra Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1019>) \n[CVE-2018-1020 - Internet Explorer Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1020>) \n[CVE-2018-1023 - Microsoft Browser Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1023>) \n[ADV180007 - Adobe Flash Player April 2018 Adobe Flash Security Update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180007>) \n \n\n\n### Important Vulnerabilities\n\n \nThis month, Microsoft is addressing 38 vulnerabilities that are rated \"important\". Talos believes six of these are notable and require prompt attention. \n \n[CVE-2018-1011 - Microsoft Excel Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1011>) \n \nA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative rights. \n \n \n[CVE-2018-1026 - Microsoft Office Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1026>) \n \nA remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \n \n[CVE-2018-1027 - Microsoft Excel Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027>) \n \nA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \n \n[CVE-2018-1028 - Microsoft Office Graphics Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028>) \n \nA remote code execution vulnerability exists when Office graphics improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \n \n[CVE-2018-1029 - Microsoft Excel Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029>) \n \nA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \n \n[CVE-2018-1030 - Microsoft Office Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1030>) \n \nA remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \n \nOther vulnerabilities deemed \"important\" are listed below: \n \n[CVE-2018-0887 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0887>) \n[CVE-2018-0890 - Active Directory Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0890>) \n[CVE-2018-0892 - Microsoft Edge Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0892>) \n[CVE-2018-0920 - Microsoft Excel Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0920>) \n[CVE-2018-0950 - Microsoft Office Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950>) \n[CVE-2018-0956 - HTTP.sys Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0956>) \n[CVE-2018-0957 - Hyper-V Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0957>) \n[CVE-2018-0960 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0960>) \n[CVE-2018-0963 - Windows Kernel Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0963>) \n[CVE-2018-0964 - Hyper-V Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0964>) \n[CVE-2018-0966 - Device Guard Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0966>) \n[CVE-2018-0967 - Windows SNMP Service Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0967>) \n[CVE-2018-0968 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0968>) \n[CVE-2018-0969 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0969>) \n[CVE-2018-0970 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0970>) \n[CVE-2018-0971 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0971>) \n[CVE-2018-0972 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0972>) \n[CVE-2018-0973 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0973>) \n[CVE-2018-0974 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0974>) \n[CVE-2018-0975 - Windows Kernel Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0975>) \n[CVE-2018-0976 - Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0976>) \n[CVE-2018-0987 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0987>) \n[CVE-2018-0989 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0989>) \n[CVE-2018-0997 - Internet Explorer Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0997>) \n[CVE-2018-0998 - Microsoft Edge Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0998>) \n[CVE-2018-1001 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1001>) \n[CVE-2018-1003 - Microsoft JET Database Engine Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1003>) \n[CVE-2018-1005 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1005>) \n[CVE-2018-1008 - OpenType Font Driver Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1008>) \n[CVE-2018-1009 - Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1009>) \n[CVE-2018-1014 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1014>) \n[CVE-2018-1032 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1032>) \n[CVE-2018-1034 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1034>) \n \n\n\n### Coverage\n\nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort Rules: \n \n45628-45629 \n46163-46164 \n46176-46189 \n46192-46201 \n46204-46209 \n46212-46215 \n46218-36221 \n46226-46231 \n46233-46234 \n46243-46246 \n \n \n\n\n[](<http://feeds.feedburner.com/~ff/feedburner/Talos?a=9g_k4lM7D5g:n7sgYiCfxlI:yIl2AUoC8zA>)\n\n", "modified": "2018-04-10T22:53:51", "published": "2018-04-10T13:13:00", "id": "TALOSBLOG:76829FABFE02C32CB6E07FE9D9A8F09B", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/9g_k4lM7D5g/ms-tuesday.html", "type": "talosblog", "title": "Microsoft Patch Tuesday - April 2018", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2018-04-17T16:24:56", "bulletinFamily": "blog", "cvelist": ["CVE-2018-0870", "CVE-2018-0871", "CVE-2018-0887", "CVE-2018-0890", "CVE-2018-0892", "CVE-2018-0920", "CVE-2018-0950", "CVE-2018-0956", "CVE-2018-0957", "CVE-2018-0960", "CVE-2018-0963", "CVE-2018-0964", "CVE-2018-0966", "CVE-2018-0967", "CVE-2018-0968", "CVE-2018-0969", "CVE-2018-0970", "CVE-2018-0971", "CVE-2018-0972", "CVE-2018-0973", "CVE-2018-0974", "CVE-2018-0975", "CVE-2018-0976", "CVE-2018-0979", "CVE-2018-0980", "CVE-2018-0981", "CVE-2018-0986", "CVE-2018-0987", "CVE-2018-0988", "CVE-2018-0989", "CVE-2018-0990", "CVE-2018-0991", "CVE-2018-0993", "CVE-2018-0994", "CVE-2018-0995", "CVE-2018-0996", "CVE-2018-0997", "CVE-2018-0998", "CVE-2018-1000", "CVE-2018-1001", "CVE-2018-1002", "CVE-2018-1003", "CVE-2018-1004", "CVE-2018-1005", "CVE-2018-1007", "CVE-2018-1008", "CVE-2018-1009", "CVE-2018-1010", "CVE-2018-1011", "CVE-2018-1012", "CVE-2018-1013", "CVE-2018-1014", "CVE-2018-1015", "CVE-2018-1016", "CVE-2018-1018", "CVE-2018-1019", "CVE-2018-1020", "CVE-2018-1022", "CVE-2018-1023", "CVE-2018-1026", "CVE-2018-1027", "CVE-2018-1028", "CVE-2018-1029", "CVE-2018-1030", "CVE-2018-1032", "CVE-2018-1034", "CVE-2018-1037", "CVE-2018-8116", "CVE-2018-8117"], "description": "\n\nThe interviewing process can be mentally draining. You have to look your best, say the right things, and prove that you\u2019re the best person for the job. When I interview candidates, I love to come up with the one crazy question that isn\u2019t on the usual list of questions that might be asked. I probably won\u2019t be able to use it now since I\u2019m going to disclose it here, but here goes: \u201cIf you were a tree, what type of tree would you be and why?\u201d I don\u2019t expect candidates to be experts in forestry or dendrology because there is no right or wrong answer, but I do like to hear what people can come up with off the top of their head. If you think that question is weird, how about this one? \u201cIs it ever possible that (a== 1 && a ==2 && a==3) could evaluate to true in JavaScript?\u201d Jasiel Spelman from our Zero Day Initiative came across this question on a post he read that is being asked during interviews at major tech firms. He takes a stab at answering the question in his latest blog: Inverting Your Assumptions: A Guide to JIT Comparisons. You can read it here: <https://www.zerodayinitiative.com/blog/2018/4/12/inverting-your-assumptions-a-guide-to-jit-comparisons>. **Microsoft Security Updates** There are seven new zero-day filters covering four vendors in this week\u2019s Digital Vaccine (DV) package. Microsoft released 67 security patches covering Internet Explorer (IE), Edge, ChakraCore, Windows, Visual Studio, Microsoft Office and Office Services and Web Apps, and the Malware Protection Engine. Of these 67 CVEs, 24 are listed as Critical, 42 are rated Important, and one is listed as Moderate in severity. Seven of these CVEs came through the ZDI program. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [April 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/4/10/the-april-2018-security-update-review>) from the Zero Day Initiative: \n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0870 | 31038 | \nCVE-2018-0871 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0887 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0890 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0892 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0920 | 31039 | \nCVE-2018-0950 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0956 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0957 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0960 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0963 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0964 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0966 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0967 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0968 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0969 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0970 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0971 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0972 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0973 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0974 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0975 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0976 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0979 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0980 | 31040 | \nCVE-2018-0981 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0986 | 31136 | \nCVE-2018-0987 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0988 | 31041 | \nCVE-2018-0989 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0990 | 31061 | \nCVE-2018-0991 | 31061 | \nCVE-2018-0993 | 31043 | \nCVE-2018-0994 | 31044 | \nCVE-2018-0995 | 31060 | \nCVE-2018-0996 | 31069 | \nCVE-2018-0997 | 31076 | \nCVE-2018-0998 | 31077 | \nCVE-2018-1000 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1001 | 31075 | \nCVE-2018-1002 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1003 | 31079 | \nCVE-2018-1004 | 31080 | \nCVE-2018-1005 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1007 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1008 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1009 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1010 | 31081 | \nCVE-2018-1011 | 31074 | \nCVE-2018-1012 | 31072 | \nCVE-2018-1013 | 31070 | \nCVE-2018-1014 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1015 | 31067 | \nCVE-2018-1016 | 31064 | \nCVE-2018-1018 | 31060 | \nCVE-2018-1019 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1020 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1022 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1023 | 31062 | \nCVE-2018-1026 | 31063 | \nCVE-2018-1027 | 31066 | \nCVE-2018-1028 | 31073 | \nCVE-2018-1029 | 31068 | \nCVE-2018-1030 | 31071 | \nCVE-2018-1032 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1034 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-1037 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8116 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-8117 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n**Zero-Day Filters** There are nine new zero-day filters covering five vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Apple (2)_**\n\n \n\n | \n\n * 31139: ZDI-CAN-5525: Zero Day Initiative Vulnerability (Apple Safari)\n * 31141: ZDI-CAN-5526: Zero Day Initiative Vulnerability (Apple Safari) \n---|--- \n| \n \n**_Foxit (3)_**\n\n| \n\n * 31143: ZDI-CAN-5527: Zero Day Initiative Vulnerability (Foxit Reader)\n * 31145: ZDI-CAN-5528,5331: Zero Day Initiative Vulnerability (Foxit Reader)\n * 31146: ZDI-CAN-5529: Zero Day Initiative Vulnerability (Foxit Reader) \n---|--- \n| \n \n**_Hewlett Packard (2)_**\n\n| \n\n * 30919: HTTP: HP Application Lifecycle Management ActiveX Insecure Method Exposure Vulnerability(ZDI-12-170)\n * 31036: HTTPS: HP iNode Management Center iNodeMngChecker.exe Buffer Overflow Vulnerability (ZDI-11-232) \n---|--- \n| \n \n**_Microsoft (1)_**\n\n| \n\n * 31048: HTTP: Microsoft Office Excel XLSX File Memory Corruption Vulnerability (ZDI-10-025) \n---|--- \n| \n \n**_Trend Micro (1)_**\n\n| \n\n * 31147: ZDI-CAN-5533,5534: Zero Day Initiative Vulnerability (Trend Micro Encryption for Email Gateway) \n---|--- \n| \n \n**Missed Last Week\u2019s News?** Catch up on last week\u2019s news in my [weekly recap](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-april-2-2018/>).\n\nThe post [TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of April 9, 2018](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-april-9-2018/>) appeared first on [](<https://blog.trendmicro.com>).", "modified": "2018-04-13T15:37:14", "published": "2018-04-13T15:37:14", "id": "TRENDMICROBLOG:CA6E4ACCDF2EEC642B7D6E90848F2DB0", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-april-9-2018/", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of April 9, 2018", "cvss": {"score": 0.0, "vector": "NONE"}}]}
