CVE-2018-8628

4 documents4 sources
Severity
7.8HIGH
EPSS
34.5%
top 3.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Microsoft Microsoft OfficeMicrosoft Microsoft PowerpointMicrosoft Microsoft Powerpoint Viewer+8 more
Timeline
PublishedDec 12
Latest updateMay 13

Description

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

CVEListV5microsoft/office_online_serverOffice Online Server
CVEListV5microsoft/microsoft_powerpoint_viewerMicrosoft PowerPoint Viewer
NVDmicrosoft/powerpoint2010, 2013, 2016+2
NVDmicrosoft/sharepoint_server2013, 2019+1
CVEListV5microsoft/microsoft_powerpoint7 versions+6

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-9rx5-f8r3-qfcm: A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Micro2022-05-13
CVEList
CVE-2018-8628: A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Micro2018-12-12

📋Vendor Advisories

1
Microsoft
Microsoft PowerPoint Remote Code Execution Vulnerability2018-12-11
CVE-2018-8628 (HIGH CVSS 7.8) | A remote code execution vulnerabili | cvebase.io