Remote Code Execution Vulnerability in Microsoft InfoPath
CVE-2018-8173

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Infopath
Vendor
CVE Published:
9 May 2018

Summary

A vulnerability in Microsoft InfoPath allows attackers to execute arbitrary code due to improper handling of objects in memory. When exploited, this flaw could enable unauthorized access to sensitive information and control over the affected system, potentially leading to data breaches or other malicious activities. Users of Microsoft InfoPath are advised to apply security patches and follow best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft Infopath 2013 Service Pack 1 (32-bit edition)

Microsoft Infopath 2013 Service Pack 1 (64-bit edition)

References

http://www.securityfocus.com/bid/104069
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040855
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

79% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.