Main Vulnerability Database Vulnerabilities #VU12810

XML Processing Flaw in Microsoft PowerPoint for macOS and Microsoft Office for macOS - CVE-2018-8176

Published: May 17, 2018 / Updated: May 18, 2018

Vulnerability identifier: #VU12810

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2018-8176

CWE-ID: CWE-611

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft PowerPoint for macOS
Microsoft Office for macOS

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper validation of XML content. A remote user can trick the victim into opening a specially crafted XML file and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-8176

Install update from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8176

XML Processing Flaw in Microsoft PowerPoint for macOS and Microsoft Office for macOS - CVE-2018-8176

Detailed vulnerability description

How to mitigate CVE-2018-8176

Sources

Please verify you're human