⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-8627

CWE-908Use of Uninitialized Resource5 documents5 sources
Severity
5.5MEDIUM
EPSS
28.6%
top 3.46%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
7
Microsoft ExcelMicrosoft Microsoft ExcelMicrosoft Microsoft Excel Viewer+4 more
Timeline
PublishedDec 12
Latest updateMay 13

Description

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

CVEListV5microsoft/microsoft_excel_viewer2007 Service Pack 3
CVEListV5microsoft/excelServices on Microsoft SharePoint Server 2010 Service Pack 2
NVDmicrosoft/excel2010, 2013, 2016+2
CVEListV5microsoft/microsoft_excel7 versions+6

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-jq29-w2g2-mrm3: An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could d2022-05-13
CVEList
CVE-2018-8627: An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could d2018-12-12
VulnCheck
Microsoft Excel Use of Uninitialized Resource2018

📋Vendor Advisories

1
Microsoft
Microsoft Excel Information Disclosure Vulnerability2018-12-11
CVE-2018-8627 (MEDIUM CVSS 5.5) | An information disclosure vulnerabi | cvebase.io