Remote Code Execution Vulnerability in Microsoft Office Products
CVE-2018-8281

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Excel Viewer
Microsoft Powerpoint Viewer
Microsoft Office
Microsoft Office Word Viewer
Vendor
CVE Published:
11 July 2018

Summary

A remote code execution vulnerability occurs in Microsoft Office products when improper handling of objects in memory allows attackers to execute arbitrary code. Affected products include Microsoft Excel Viewer, PowerPoint Viewer, and various Office applications. Users opening specially crafted files could potentially enable an attacker to take control of their systems, posing significant security risks to sensitive data and system integrity.

Affected Version(s)

Microsoft Excel Viewer Microsoft Excel Viewer

Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions

Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions

References

http://www.securitytracker.com/id/1041252
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104609
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

79% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.