CVE-2018-8412

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.8HIGH

EPSS

1.1%

top 22.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Office Microsoft Office FOR MAC

Timeline

PublishedAug 15

Latest updateMay 14

Description

An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." This affects Microsoft Office.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/office2016

▶CVEListV5microsoft/microsoft_office2016 for Mac

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-345c-xx24-53p2: An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing t↗2022-05-14

▶

CVEList

CVE-2018-8412: An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing t↗2018-08-15

▶

📋Vendor Advisories

Microsoft

Microsoft (MAU) Office Elevation of Privilege Vulnerability↗2018-08-14

▶