CVE-2018-8173

4 documents4 sources

Severity

7.8HIGH

EPSS

33.9%

top 3.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Infopath Microsoft Infopath

Timeline

PublishedMay 9

Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPath Remote Code Execution Vulnerability." This affects Microsoft Infopath.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/infopath2013

▶CVEListV5microsoft/microsoft_infopath2013 Service Pack 1 (32-bit edition), 2013 Service Pack 1 (64-bit edition)+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-332w-5chw-jpv3: A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPa↗2022-05-13

▶

CVEList

CVE-2018-8173: A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPa↗2018-05-09

▶

📋Vendor Advisories

Microsoft

Microsoft InfoPath Remote Code Execution Vulnerability↗2018-05-08

▶