CVE-2018-0919 — Out-of-bounds Read in Corporation Microsoft Office

CWE-125 — Out-of-bounds Read CWE-908 — Use of Uninitialized Resource4 documents4 sources

Severity

3.3LOWNVD

EPSS

13.3%

top 5.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Office Microsoft Office Online Server +5 more

Timeline

PublishedMar 14

Latest updateMay 13

Description

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Di…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages8 packages

▶NVDmicrosoft/office_web_apps_server2013

▶NVDmicrosoft/office_online_server2016

▶NVDmicrosoft/office_web_apps2010

▶NVDmicrosoft/sharepoint_enterprise_server2013, 2016+1

▶NVDmicrosoft/office2010, 2016+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-p98c-wc65-vxfg: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, M↗2022-05-13

▶

CVEList

CVE-2018-0919: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, M↗2018-03-14

▶

📋Vendor Advisories

Microsoft

Microsoft Office Information Disclosure Vulnerability↗2018-03-13

▶