CVE-2018-8281

4 documents4 sources

Severity

7.8HIGH

EPSS

29.8%

top 3.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Excel Viewer Microsoft Microsoft Office Microsoft Microsoft Office Word Viewer +2 more

Timeline

PublishedJul 11

Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5microsoft/microsoft_office_word_viewerMicrosoft Office Word Viewer

▶NVDmicrosoft/office2016

▶CVEListV5microsoft/microsoft_office4 versions+3

▶CVEListV5microsoft/microsoft_excel_viewerMicrosoft Excel Viewer

▶CVEListV5microsoft/microsoft_powerpoint_viewerMicrosoft PowerPoint Viewer

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-6wfr-mcgq-ph4v: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft↗2022-05-13

▶

CVEList

CVE-2018-8281: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft↗2018-07-11

▶

📋Vendor Advisories

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2018-07-10

▶