Remote Code Execution Vulnerability in Microsoft PowerPoint
CVE-2018-8376

8.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Powerpoint
Vendor
CVE Published:
15 August 2018

Summary

A remote code execution vulnerability exists in Microsoft PowerPoint due to improper handling of objects in memory. An attacker could exploit this vulnerability by creating a specially crafted file that, when opened by the user, could execute arbitrary code on the affected system. Successful exploitation could allow the attacker to take control of the affected system. It is crucial to apply updates and security patches from Microsoft to mitigate potential risks from this vulnerability. Users are advised to avoid opening untrusted files and to ensure their systems are protected with the latest security features.

Affected Version(s)

Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)

Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)

References

http://www.securityfocus.com/bid/104991
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041464
vdb-entryx_refsource_SECTRACK

EPSS Score

63% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.