Main Vulnerability Database Vulnerabilities #VU12493

OS command injection in Microsoft Office - CVE-2018-8150

Published: May 8, 2018 / Updated: May 8, 2018

Vulnerability identifier: #VU12493

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-8150

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Office

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when processing email attachments in Microsoft Outlook. A remote attacker can create a specially crafted attachment, convine the victim to open it and execute arbitrary OS commands on victims computer.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-8150

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8150

OS command injection in Microsoft Office - CVE-2018-8150

Detailed vulnerability description

How to mitigate CVE-2018-8150

Sources

Please verify you're human