CVE-2018-8378

CWE-125Out-of-bounds ReadCWE-908Use of Uninitialized Resource5 documents5 sources
Severity
5.5MEDIUM
EPSS
26.9%
top 3.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Microsoft Microsoft Excel ViewerMicrosoft Microsoft OfficeMicrosoft Microsoft Office Word Viewer+7 more
Timeline
PublishedAug 15
Latest updateMay 13

Description

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

CVEListV5microsoft/microsoft_office_word_viewerMicrosoft Office Word Viewer
NVDmicrosoft/office2010, 2013, 2016+2
NVDmicrosoft/office_web_apps2010, 2013+1
CVEListV5microsoft/microsoft_office11 versions+10

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-q4j3-h8qw-m7m4: An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could2022-05-13
CVEList
CVE-2018-8378: An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could2018-08-15

📋Vendor Advisories

1
Microsoft
Microsoft Office Information Disclosure Vulnerability2018-08-14
CVE-2018-8378 (MEDIUM CVSS 5.5) | An information disclosure vulnerabi | cvebase.io