A Comprehensive Guide to Office 0‑day/1‑day Vulnerabilities (2010‑2018)
This article expands on the author's BlueHat Shanghai 2019 presentation, summarizing Office‑related 0‑day and 1‑day vulnerabilities discovered between 2010 and 2018, categorizing them by component and type, and providing extensive references, analysis notes, and exploitation guidance for security researchers.
This article, authored by a senior threat analyst from 360's Advanced Threat Response Team, builds upon the BlueHat Shanghai 2019 talk and serves as an extended summary of Office‑related 0‑day/1‑day vulnerabilities observed from 2010 to 2018.
The author groups the vulnerabilities first by component (e.g., Flash/ActiveX, Open XML, Equation Editor, EPS, Moniker) and then by exploit type (stack overflow, heap overflow, use‑after‑free, type‑confusion, integer overflow, logic bugs). Each CVE entry is listed with a brief description and links to detailed analysis articles.
Key examples include CVE-2010-3333 (stack overflow), CVE-2014-1761 (heap overflow), CVE-2016-7193 (heap overflow reported by the Austrian Military Cyber Emergency Readiness Team), CVE-2017-11826 (type‑confusion, the first Chinese‑reported Office 0‑day), CVE-2015-1641 and CVE-2015-1642 (use‑after‑free), CVE-2017-11882 (equation editor stack overflow), and CVE-2015-2545 (EPS component UAF). The guide also covers later exploits such as CVE-2018-0802, CVE-2018-8174, and CVE-2018-8373, highlighting their impact on modern Office versions.
For each vulnerability the author cites multiple public analyses from sources like Anquanke, BBS.Pediy, Freebuf, Fortinet, NCC Group, and personal write‑ups, providing URLs for deeper study.
A consolidated repository of sample hashes and exploit cases is referenced (office-exploit-case-study), enabling researchers to obtain the actual payloads for hands‑on testing.
In conclusion, the article reflects three years of cumulative research, emphasizing the importance of studying historical Office 0‑day/1‑day incidents to improve detection and mitigation strategies.
360 Tech Engineering
Official tech channel of 360, building the most professional technology aggregation platform for the brand.