CVE-2018-8432

4 documents4 sources

Severity

7.8HIGH

EPSS

33.9%

top 3.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Excel Viewer Microsoft Microsoft Office Microsoft Microsoft Office Word Viewer +9 more

Timeline

PublishedOct 10

Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages15 packages

▶CVEListV5microsoft/windows_server_20085 versions+4

▶CVEListV5microsoft/windows_server_2008_r2Itanium-Based Systems Service Pack 1, x64-based Systems Service Pack 1, x64-based Systems Service Pack 1 (Server Core installation)+2

▶CVEListV5microsoft/windows_server_2019(Server Core installation)

▶CVEListV5microsoft/microsoft_office_word_viewerMicrosoft Office Word Viewer

▶NVDmicrosoft/windowsr2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-w9fx-69v3-2jgx: A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Component↗2022-05-13

▶

CVEList

CVE-2018-8432: A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Component↗2018-10-10

▶

📋Vendor Advisories

Microsoft

Microsoft Graphics Components Remote Code Execution Vulnerability↗2018-10-09

▶

External resources

NVD MITRE

Affected products12

Microsoft Excel Viewerv2007

Microsoft Microsoft Excel Viewerv2007 Service Pack 3

Microsoft Microsoft Officev2016 for Macv2019 for 32-bit editionsv2019 for 64-bit editions+1 more

Microsoft Microsoft Office Word ViewervMicrosoft Office Word Viewer

Microsoft Microsoft Powerpoint Viewerv2007

Microsoft Officev365 ProPlus for 32-bit Systemsv365 ProPlus for 64-bit Systemsv2016+1 more

Microsoft Powerpoint Viewerv2007

Microsoft Windows 10vVersion 1809 for 32-bit SystemsvVersion 1809 for x64-based Systemsv1809

Microsoft Windows 7v32-bit Systems Service Pack 1vx64-based Systems Service Pack 1

Microsoft Windows Server 2008v32-bit Systems Service Pack 2v32-bit Systems Service Pack 2 (Server Core installation)vItanium-Based Systems Service Pack 2+3 more

Disclosure

PublishedOct 10, 2018

Latest updateMay 13, 2022