CVE-2018-8312

4 documents4 sources

Severity

7.8HIGH

EPSS

24.6%

top 3.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Access Microsoft Microsoft Office Microsoft Access +1 more

Timeline

PublishedJul 11

Latest updateMay 13

Description

A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDmicrosoft/access2013, 2016+1

▶CVEListV5microsoft/microsoft_access4 versions+3

▶NVDmicrosoft/office2016

▶CVEListV5microsoft/microsoft_office2016 Click-to-Run (C2R) for 32-bit editions, 2016 Click-to-Run (C2R) for 64-bit editions+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-jjxr-vhf2-g6pf: A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execu↗2022-05-13

▶

CVEList

CVE-2018-8312: A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execu↗2018-07-11

▶

📋Vendor Advisories

Microsoft

Microsoft Access Remote Code Execution Vulnerability↗2018-07-10

▶