CVE-2018-8524
published 2018-11-14CVE-2018-8524: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote…
PriorityP348high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
19.06%
97.0th percentile
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8576, CVE-2018-8582.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_office | — | — |
| microsoft | microsoft_office | — | — |
| microsoft | microsoft_outlook | — | — |
| microsoft | microsoft_outlook | — | — |
| microsoft | microsoft_outlook | — | — |
| microsoft | microsoft_outlook | — | — |
| microsoft | microsoft_outlook | — | — |
| microsoft | microsoft_outlook | — | — |
| microsoft | microsoft_outlook | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook_rt | — | — |
| msrc | microsoft_office_2019_for_32-bit_editions | — | — |
| msrc | microsoft_office_2019_for_64-bit_editions | — | — |
| msrc | microsoft_outlook_2010_service_pack_2 | — | — |
| msrc | microsoft_outlook_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_outlook_2013_service_pack_1 | — | — |
| msrc | microsoft_outlook_2016 | — | — |
| msrc | office_365_proplus_for_32-bit_systems | — | — |
| msrc | office_365_proplus_for_64-bit_systems | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hx45-wg8j-h8p8: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2018-8576 [HIGH] GHSA-hx45-wg8j-h8p8: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582.
GHSA
GHSA-3p5h-mwh8-3wx4: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Rem
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2018-8582 [HIGH] GHSA-3p5h-mwh8-3wx4: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Rem
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.
GHSA
GHSA-58vr-hgh9-9hw8: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2018-8524 [HIGH] GHSA-58vr-hgh9-9hw8: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8576, CVE-2018-8582.
GHSA
GHSA-2h32-xchg-737h: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2018-8522 [HIGH] GHSA-2h32-xchg-737h: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582.
Microsoft
Microsoft Outlook Remote Code Execution Vulnerability
vendor_msrc·2018-11-13·CVSS 7.8
CVE-2018-8524 [HIGH] Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario,
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/105823http://www.securitytracker.com/id/1042110https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8524http://www.securityfocus.com/bid/105823http://www.securitytracker.com/id/1042110https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8524
2018-11-14
Published