Main Vulnerability Database Vulnerabilities #VU15869

#VU15869 Information disclosure in Microsoft Office - CVE-2018-8579

Published: November 13, 2018

Vulnerability identifier: #VU15869

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-8579

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Office

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error when attaching files to Outlook messages. A remote attacker can attach a file as a link to an email, ignore the default organizational setting and share attached files such that they are accessible by anonymous users where they should be restricted to specific users.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8579