Information disclosure in Microsoft products - CVE-2018-8427
Published: October 9, 2018 / Updated: October 9, 2018
Vulnerability identifier: #VU15265
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-8427
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Windows Server
Microsoft Office for macOS
Microsoft Word
Microsoft Office Compatibility Pack
Microsoft Excel
Microsoft PowerPoint
Microsoft Office
Windows Server
Microsoft Office for macOS
Microsoft Word
Microsoft Office Compatibility Pack
Microsoft Excel
Microsoft PowerPoint
Microsoft Office
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to boundary error when Microsoft Graphics Components handle objects in memory. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and gain access to potentially sensitive information.
How to mitigate CVE-2018-8427
Install updates from vendor's website.