diff --git a/0001-ofz-6173-check-index-before-use.patch b/0001-ofz-6173-check-index-before-use.patch
new file mode 100644
index 0000000..d18eeef
--- /dev/null
+++ b/0001-ofz-6173-check-index-before-use.patch
@@ -0,0 +1,35 @@
+From 017fcc2fcd00af17a97bd5463d89662404f57667 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Fri, 9 Feb 2018 10:49:39 +0000
+Subject: [PATCH] ofz#6173 check index before use
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Change-Id: I09d15ab324af0a8b3566f11868eb3266a68c4afe
+Reviewed-on: https://gerrit.libreoffice.org/49486
+Tested-by: Jenkins <ci@libreoffice.org>
+Reviewed-by: Caolán McNamara <caolanm@redhat.com>
+Tested-by: Caolán McNamara <caolanm@redhat.com>
+---
+ sw/source/filter/ww8/ww8toolbar.cxx | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/sw/source/filter/ww8/ww8toolbar.cxx b/sw/source/filter/ww8/ww8toolbar.cxx
+index fbaf35979faf..b7dc69dc92bf 100644
+--- a/sw/source/filter/ww8/ww8toolbar.cxx
++++ b/sw/source/filter/ww8/ww8toolbar.cxx
+@@ -164,7 +164,9 @@ bool SwCTBWrapper::Read( SvStream& rS )
+     std::vector< sal_Int16 >::iterator it_end = dropDownMenuIndices.end();
+     for ( std::vector< sal_Int16 >::iterator it = dropDownMenuIndices.begin(); it != it_end; ++it )
+     {
+-        rCustomizations[ *it ].bIsDroppedMenuTB = true;
++        if (*it < 0 || static_cast<size_t>(*it) >= rCustomizations.size())
++            continue;
++        rCustomizations[*it].bIsDroppedMenuTB = true;
+     }
+     return rS.good();
+ }
+-- 
+2.14.3
+
diff --git a/libreoffice.spec b/libreoffice.spec
index e945971..4193c42 100644
--- a/libreoffice.spec
+++ b/libreoffice.spec
@@ -284,6 +284,7 @@ Patch41: 0001-Resolves-tdf-114406-treat-as-the-operator-that-it-is.patch
 Patch42: 0001-rhbz-1541486-Fix-localized-ness-of-ooSetupFactoryUIN.patch
 Patch43: 0001-limit-WEBSERVICE-to-http-s-protocols.patch
 Patch44: 0001-ofz-5747-short-sal_Int32-like-in-StgDataStrm.patch
+Patch45: 0001-ofz-6173-check-index-before-use.patch
 
 %if 0%{?rhel}
 # not upstreamed
@@ -2380,6 +2381,7 @@ done
 %changelog
 * Fri Apr 20 2018 Caolán McNamara <caolanm@redhat.com> - 1:5.3.7.2-9
 - CVE-2018-10119 Use After Free in Structured Storage parser
+- CVE-2018-10120 Heap Buffer Overflow in MSWord Customizations parsing
 
 * Fri Feb 09 2018 Caolán McNamara <caolanm@redhat.com> - 1:5.3.7.2-8
 - CVE-2018-1055 WEBSERVICE formula woes