Main Vulnerability Database Vulnerabilities #VU15871

#VU15871 Information disclosure in Microsoft Office - CVE-2018-8558

Published: November 13, 2018

Vulnerability identifier: #VU15871

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-8558

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Office

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center. A remote attacker can share anonymously-accessible links to other users via email where these links are intended to be accessed only by specific users.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8558

#VU15871 Information disclosure in Microsoft Office - CVE-2018-8558

Description

Remediation

External links

Please verify you're human