CVE-2018-8573

4 documents4 sources
Severity
7.8HIGH
EPSS
32.8%
top 3.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft Microsoft OfficeMicrosoft Microsoft WordMicrosoft Office+1 more
Timeline
PublishedNov 14
Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDmicrosoft/word2010, 2013, 2016+2
CVEListV5microsoft/microsoft_word7 versions+6
CVEListV5microsoft/office365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems+1
NVDmicrosoft/office2010, 2019+1
CVEListV5microsoft/microsoft_office4 versions+3

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-c558-w58v-5fw4: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote2022-05-13
CVEList
CVE-2018-8573: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote2018-11-14

📋Vendor Advisories

1
Microsoft
Microsoft Word Remote Code Execution Vulnerability2018-11-13
CVE-2018-8573 (HIGH CVSS 7.8) | A remote code execution vulnerabili | cvebase.io