CVE-2018-8157 — Microsoft Office vulnerability

4 documents4 sources

Severity

7.8HIGHNVD

EPSS

33.9%

top 3.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Sharepoint Microsoft Word +2 more

Timeline

PublishedMay 9

Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDmicrosoft/office2010, 2013, 2016+2

▶CVEListV5microsoft/microsoft_office11 versions+10

▶CVEListV5microsoft/wordAutomation Services on Microsoft SharePoint Server 2010 Service Pack 2, Automation Services on Microsoft SharePoint Server 2013 Service Pack 1+1

▶CVEListV5microsoft/microsoft_word7 versions+6

▶CVEListV5microsoft/microsoft_sharepointEnterprise Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-43h6-fgw9-r35m: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft↗2022-05-13

▶

CVEList

CVE-2018-8157: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft↗2018-05-09

▶

📋Vendor Advisories

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2018-05-08

▶