CVE-2018-8331 — Microsoft Office vulnerability

5 documents5 sources

Severity

7.8HIGHNVD

EPSS

33.9%

top 3.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Office

Timeline

PublishedSep 13

Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/office2016

▶CVEListV5microsoft/microsoft_office2016 Click-to-Run (C2R) for 32-bit editions, 2016 Click-to-Run (C2R) for 64-bit editions, 2016 for Mac+2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-r7gc-h553-v4x8: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft↗2022-05-13

▶

CVEList

CVE-2018-8331: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft↗2018-09-13

▶

📋Vendor Advisories

Microsoft

Microsoft Excel Remote Code Execution Vulnerability↗2018-09-11

▶

💬Community

HackerOne

Vulnerable javascript dependency at Main domain↗2021-08-02

▶