Remote Code Execution Vulnerability in Microsoft Graphics Components
CVE-2018-8432

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows 7
Microsoft Office
Microsoft Office Word Viewer
Microsoft Excel Viewer
Vendor
CVE Published:
10 October 2018

Summary

A remote code execution vulnerability exists in the handling of objects in memory by Microsoft Graphics Components. This vulnerability can be exploited when a user opens a specially crafted document or image file, potentially allowing an attacker to execute arbitrary code on the affected system. Systems running Windows 7, Windows 10, various Windows Server versions, and Microsoft Office products are particularly at risk. Prompt updates and security patches are recommended to mitigate this vulnerability.

Affected Version(s)

Microsoft Excel Viewer 2007 Service Pack 3

Microsoft Office 2016 for Mac

Microsoft Office 2019 for 32-bit editions

References

http://www.securityfocus.com/bid/105458
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041823
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

85% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.