CVE-2018-8310

4 documents4 sources

Severity

7.5HIGH

EPSS

13.3%

top 5.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Office Microsoft Microsoft Word Microsoft Office +1 more

Timeline

PublishedJul 11

Latest updateMay 13

Description

A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDmicrosoft/office2010, 2016+1

▶CVEListV5microsoft/microsoft_office4 versions+3

▶NVDmicrosoft/word2010, 2013, 2016+2

▶CVEListV5microsoft/microsoft_word7 versions+6

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-r995-g428-fh4c: A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft↗2022-05-13

▶

CVEList

CVE-2018-8310: A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft↗2018-07-11

▶

📋Vendor Advisories

Microsoft

Microsoft Office Tampering Vulnerability↗2018-07-10

▶