CVE-2018-8163 — Sensitive Information Exposure in Microsoft Excel

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

28.9%

top 3.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Office

Timeline

PublishedMay 9

Latest updateMay 14

Description

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/excel2010, 2013, 2016+2

▶NVDmicrosoft/office2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-3jcj-hgr2-f986: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information↗2022-05-14

▶

CVEList

CVE-2018-8163: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information↗2018-05-09

▶

📋Vendor Advisories

Microsoft

Microsoft Excel Information Disclosure Vulnerability↗2018-05-08

▶

💬Community

Bugzilla

CVE-2018-10894 keycloak: auth permitted with expired certs in SAML client↗2018-07-09

▶