CVE-2018-8158Microsoft Office vulnerability

14 documents5 sources
Severity
7.8HIGHNVD
EPSS
33.9%
top 3.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft OfficeMicrosoft SharepointMicrosoft Word+10 more
Timeline
PublishedMay 9
Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157, CVE-2018-8161.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages14 packages

NVDmicrosoft/office2010, 2013, 2016+2
NVDmicrosoft/office_web_apps2010, 2013+1
CVEListV5microsoft/microsoft_office4 versions+3

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-7777-xf98-rh9v: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft2022-05-13
GHSA
GHSA-cp9w-v3x3-3hfc: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft2022-05-13
GHSA
GHSA-43h6-fgw9-r35m: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft2022-05-13

📋Vendor Advisories

1
Microsoft
Microsoft Office Remote Code Execution Vulnerability2018-05-08

🕵️Threat Intelligence

7
Trendmicro
Microsoft’s May Patch Tuesday Fixes Exploited Bugs2018-05-09
Trendmicro
Microsoft’s May Patch Tuesday Fixes Exploited Bugs2018-05-09
Trendmicro
Microsoft’s May Patch Tuesday Fixes Exploited Bugs2018-05-09
Trendmicro
Microsoft’s May Patch Tuesday Fixes Exploited Bugs2018-05-09
Trendmicro
Microsoft’s May Patch Tuesday Fixes Exploited Bugs2018-05-09
CVE-2018-8158 — Microsoft Office vulnerability | cvebase