Information disclosure in Microsoft Office

Published: 2018-08-14 22:55:15
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-8378
CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-125
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Microsoft Office, Microsoft Word, Microsoft SharePoint Server, Word Automation Services on Microsoft SharePoint Server, Microsoft Office Web Apps, Microsoft Excel
Vulnerable software versions: Microsoft Office 2013 RT, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013, Microsoft Office 2016, Microsoft Word Viewer, Microsoft SharePoint Server 2013, Microsoft SharePoint Server 2016, Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3
Vendor URL: Microsoft

Security Advisory

1) Out-of-bounds read

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an out-of-bounds read error when processing Microsoft Office documents. A remote unauthenticated attacker can create a specially crafted Office document, trick the victim into opening it, trigger an out-of-bounds read and gain access to the contents of memory.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378
