CVE-2018-8573
published 2018-11-14CVE-2018-8573: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code…
PriorityP348high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
19.06%
97.0th percentile
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_office | — | — |
| microsoft | microsoft_office | — | — |
| microsoft | microsoft_office | — | — |
| microsoft | microsoft_office | — | — |
| microsoft | microsoft_word | — | — |
| microsoft | microsoft_word | — | — |
| microsoft | microsoft_word | — | — |
| microsoft | microsoft_word | — | — |
| microsoft | microsoft_word | — | — |
| microsoft | microsoft_word | — | — |
| microsoft | microsoft_word | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office_web_apps | — | — |
| microsoft | sharepoint_server | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| msrc | microsoft_office_2010_service_pack_2 | — | — |
| msrc | microsoft_office_2019_for_32-bit_editions | — | — |
| msrc | microsoft_office_2019_for_64-bit_editions | — | — |
| msrc | microsoft_word_2010_service_pack_2 | — | — |
| msrc | microsoft_word_2013_rt_service_pack_1 | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x83v-fp5h-5v3g: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2018-8539 [HIGH] GHSA-x83v-fp5h-5v3g: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.
GHSA
GHSA-c558-w58v-5fw4: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2018-8573 [HIGH] GHSA-c558-w58v-5fw4: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539.
Microsoft
Microsoft Word Remote Code Execution Vulnerability
vendor_msrc·2018-11-13·CVSS 7.8
CVE-2018-8573 [HIGH] Microsoft Word Remote Code Execution Vulnerability
Microsoft Word Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attac
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/105836http://www.securitytracker.com/id/1042114https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8573http://www.securityfocus.com/bid/105836http://www.securitytracker.com/id/1042114https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8573
2018-11-14
Published