Main Vulnerability Database Vulnerabilities #VU15869

Information disclosure in Microsoft Office - CVE-2018-8579

Published: November 13, 2018

Vulnerability identifier: #VU15869

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-8579

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Office

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error when attaching files to Outlook messages. A remote attacker can attach a file as a link to an email, ignore the default organizational setting and share attached files such that they are accessible by anonymous users where they should be restricted to specific users.

How to mitigate CVE-2018-8579

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8579

Information disclosure in Microsoft Office - CVE-2018-8579

Detailed vulnerability description

How to mitigate CVE-2018-8579

Sources

Please verify you're human