⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-8598

5 documents5 sources
Severity
4.7MEDIUM
EPSS
12.0%
top 6.23%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Microsoft ExcelMicrosoft Microsoft ExcelMicrosoft Microsoft Excel Viewer+2 more
Timeline
PublishedDec 12
Latest updateMay 13

Description

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8627.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages7 packages

CVEListV5microsoft/excelServices on Microsoft SharePoint Server 2010 Service Pack 2
NVDmicrosoft/excel2010, 2013, 2016+2
CVEListV5microsoft/microsoft_excel7 versions+6
CVEListV5microsoft/microsoft_excel_viewer2007 Service Pack 3
CVEListV5microsoft/office365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-643h-w2r6-x59x: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information2022-05-13
CVEList
CVE-2018-8598: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information2018-12-12
VulnCheck
Microsoft Excel Information Disclosure Vulnerability2018

📋Vendor Advisories

1
Microsoft
Microsoft Excel Information Disclosure Vulnerability2018-12-11
CVE-2018-8598 (MEDIUM CVSS 4.7) | An information disclosure vulnerabi | cvebase.io