CVE-2018-8161

4 documents4 sources

Severity

7.8HIGH

EPSS

32.4%

top 3.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Office Microsoft Microsoft Sharepoint Microsoft Microsoft Word +4 more

Timeline

PublishedMay 9

Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶NVDmicrosoft/office2010, 2013, 2016+2

▶NVDmicrosoft/office_web_apps2010, 2013+1

▶CVEListV5microsoft/microsoft_office4 versions+3

▶CVEListV5microsoft/wordAutomation Services on Microsoft SharePoint Server 2010 Service Pack 2, Automation Services on Microsoft SharePoint Server 2013 Service Pack 1+1

▶NVDmicrosoft/word2010, 2013, 2016+2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-7777-xf98-rh9v: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft↗2022-05-13

▶

CVEList

CVE-2018-8161: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft↗2018-05-09

▶

📋Vendor Advisories

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2018-05-08

▶