CVE-2018-1028

CWE-94 — Code Injection4 documents4 sources

Severity

8.8HIGH

EPSS

33.4%

top 3.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Microsoft Office Microsoft Microsoft Sharepoint +5 more

Timeline

PublishedApr 12

Latest updateMay 14

Description

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶NVDmicrosoft/office2013, 2013_rt, 2016+2

▶NVDmicrosoft/office_web_apps2010, 2013+1

▶CVEListV5microsoft/microsoft_office9 versions+8

▶CVEListV5microsoft/microsoft_sharepoint_server2013 Service Pack 1

▶NVDmicrosoft/sharepoint_enterprise_server2013, 2016+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-87hq-2c3x-p62g: A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Of↗2022-05-14

▶

CVEList

CVE-2018-1028: A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Of↗2018-04-12

▶

📋Vendor Advisories

Microsoft

Microsoft Office Graphics Remote Code Execution Vulnerability↗2018-04-10

▶