CVE-2018-8427

CWE-200 — Information Exposure4 documents4 sources

Severity

5.5MEDIUM

EPSS

6.3%

top 9.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Excel Viewer Microsoft Microsoft Office Microsoft Microsoft Office Word Viewer +5 more

Timeline

PublishedOct 10

Latest updateMay 14

Description

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

▶CVEListV5microsoft/microsoft_office_word_viewerMicrosoft Office Word Viewer

▶NVDmicrosoft/excel_viewer2007

▶NVDmicrosoft/powerpoint_viewer2007

▶CVEListV5microsoft/microsoft_excel_viewer2007 Service Pack 3

▶CVEListV5microsoft/microsoft_powerpoint_viewer2007

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-ch57-57p3-fhm7: An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Compone↗2022-05-14

▶

CVEList

CVE-2018-8427: An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Compone↗2018-10-10

▶

📋Vendor Advisories

Microsoft

Microsoft Graphics Components Information Disclosure Vulnerability↗2018-10-09

▶