Remote Code Execution Vulnerability in Microsoft Excel Products
CVE-2018-8375

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Excel Viewer
Microsoft Office
Microsoft Excel
Vendor
CVE Published:
15 August 2018

Summary

A remote code execution vulnerability exists in Microsoft Excel due to improper handling of objects in memory. This flaw can allow an attacker to execute arbitrary code on the target system when a victim opens a manipulated Excel file. The issue affects Microsoft Excel Viewer, Microsoft Office, and Microsoft Excel itself, raising significant security concerns for users. To mitigate potential risks, it's crucial to promptly update to the latest software versions and apply relevant security patches.

Affected Version(s)

Microsoft Excel 2010 Service Pack 2 (32-bit editions)

Microsoft Excel 2010 Service Pack 2 (64-bit editions)

Microsoft Excel 2013 RT Service Pack 1

References

http://www.securityfocus.com/bid/104989
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041463
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

80% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.