CVE-2018-8244

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUM
EPSS
16.6%
top 5.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Microsoft OfficeMicrosoft Microsoft OutlookMicrosoft Office+2 more
Timeline
PublishedJun 14
Latest updateMay 14

Description

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

NVDmicrosoft/outlook2010, 2013, 2016+2
CVEListV5microsoft/microsoft_outlook7 versions+6
CVEListV5microsoft/microsoft_office2016 Click-to-Run (C2R) for 32-bit editions, 2016 Click-to-Run (C2R) for 64-bit editions+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-hw92-6x7q-xg4p: An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation2022-05-14
CVEList
CVE-2018-8244: An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation2018-06-14

📋Vendor Advisories

1
Microsoft
Microsoft Outlook Elevation of Privilege Vulnerability2018-06-12