Information disclosure in Microsoft Office - CVE-2018-8558

 


Published: November 13, 2018


Vulnerability identifier: #VU15871
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-8558
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Office

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because Microsoft Outlook fails to respect the "Default link type" settings configured via the SharePoint Online Admin Center. A remote attacker can share anonymously accessible links with other users via email, even where these links are intended to be accessed only by specific users.


How to mitigate CVE-2018-8558

Install the updates from the vendor's website.
