Microsoft Excel Information Disclosure Vulnerability in Office Products
CVE-2018-8246

5.5MEDIUM

Key Information:

Vendor

Microsoft
Status
Excel
Office Compatibility Pack
Office
Excel Viewer
Vendor
CVE Published:
14 June 2018

What is CVE-2018-8246?

An information disclosure vulnerability exists in Microsoft Excel which improperly exposes the memory contents, potentially allowing unauthorized access to sensitive information. This flaw affects various Microsoft Office products, including Microsoft Excel Viewer and Microsoft Excel. Threat actors could exploit this vulnerability to access confidential data unintentionally exposed through memory leaks, posing significant risks to data security and user privacy.

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041109
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104322
vdb-entryx_refsource_BID

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.