CVE-2018-8522

5 documents5 sources
Severity
7.8HIGH
EPSS
32.6%
top 3.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Microsoft OfficeMicrosoft Microsoft OutlookMicrosoft Office+2 more
Timeline
PublishedNov 14
Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDmicrosoft/outlook2010, 2013, 2016+2
CVEListV5microsoft/microsoft_outlook7 versions+6
CVEListV5microsoft/office365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-2h32-xchg-737h: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook2022-05-13
CVEList
CVE-2018-8522: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook2018-11-14

📋Vendor Advisories

1
Microsoft
Microsoft Outlook Remote Code Execution Vulnerability2018-11-13

🕵️Threat Intelligence

1
Fortinet
Patch Your Microsoft Outlook: Fortinet Discovered Four Outlook Remote Code Execution Vulnerabilities2018-11-13