CVE-2018-1007 — Sensitive Information Exposure in Microsoft Office

4 documents4 sources

Severity

5.3MEDIUMNVD

CNA6.5

EPSS

25.6%

top 3.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office

Timeline

PublishedApr 12

Latest updateMay 13

Description

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-0950.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/office2016

▶CVEListV5microsoft/microsoft_office2016 (32-bit edition), 2016 (64-bit edition)+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5qwh-c5rc-7f4v: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Informatio↗2022-05-13

▶

CVEList

CVE-2018-1007: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Informatio↗2018-04-12

▶

📋Vendor Advisories

Microsoft

Microsoft Office Information Disclosure Vulnerability↗2018-04-10

▶