CVE-2018-8539

4 documents4 sources
Severity
7.8HIGH
EPSS
36.1%
top 2.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft Microsoft OfficeMicrosoft Microsoft Sharepoint ServerMicrosoft Microsoft Word+3 more
Timeline
PublishedNov 14
Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5microsoft/microsoft_word7 versions+6
CVEListV5microsoft/microsoft_sharepoint_server2010 Service Pack 2
CVEListV5microsoft/office365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-x83v-fp5h-5v3g: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote2022-05-13
CVEList
CVE-2018-8539: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote2018-11-14

📋Vendor Advisories

1
Microsoft
Microsoft Word Remote Code Execution Vulnerability2018-11-13
CVE-2018-8539 (HIGH CVSS 7.8) | A remote code execution vulnerabili | cvebase.io