CVE-2018-8587

5 documents5 sources
Severity
7.8HIGH
EPSS
46.8%
top 2.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Microsoft OfficeMicrosoft Microsoft OutlookMicrosoft Office
Timeline
PublishedDec 12
Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5microsoft/microsoft_outlook7 versions+6
CVEListV5microsoft/office365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems+1
NVDmicrosoft/office4 versions+3
CVEListV5microsoft/microsoft_office2019 for 32-bit editions, 2019 for 64-bit editions+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-452c-qvj7-x6xq: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook2022-05-13
CVEList
CVE-2018-8587: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook2018-12-12

📋Vendor Advisories

1
Microsoft
Microsoft Outlook Remote Code Execution Vulnerability2018-12-11

🕵️Threat Intelligence

1
Fortinet
A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-85872018-12-16
CVE-2018-8587 (HIGH CVSS 7.8) | A remote code execution vulnerabili | cvebase.io