CVE-2018-8582

5 documents5 sources
Severity
8.8HIGH
EPSS
32.1%
top 3.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Microsoft OfficeMicrosoft Microsoft OutlookMicrosoft Office+2 more
Timeline
PublishedNov 14
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

NVDmicrosoft/outlook2010, 2013, 2016+2
CVEListV5microsoft/microsoft_outlook7 versions+6
CVEListV5microsoft/office365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems+1
CVEListV5microsoft/microsoft_office2019 for 32-bit editions, 2019 for 64-bit editions+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-3p5h-mwh8-3wx4: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Rem2022-05-13
CVEList
CVE-2018-8582: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Rem2018-11-14

📋Vendor Advisories

1
Microsoft
Microsoft Outlook Remote Code Execution Vulnerability2018-11-13

🕵️Threat Intelligence

1
Fortinet
Patch Your Microsoft Outlook: Fortinet Discovered Four Outlook Remote Code Execution Vulnerabilities2018-11-13