Main Vulnerability Database Vulnerabilities #VU13793

#VU13793 Spoofing attack in Microsoft Office - CVE-2018-8310

Published: July 10, 2018

Vulnerability identifier: #VU13793

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-8310

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Office

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to improper handling of specific attachment types when rendering HTML emails in Microsoft Outlook. A remote attacker can send a specially crafted email or create an .eml file and trick the victim into opening it and embed untrusted TrueType fonts in the body of an email.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8310

#VU13793 Spoofing attack in Microsoft Office - CVE-2018-8310

Description

Remediation

External links

Please verify you're human