Remote Code Execution Vulnerability in Microsoft Project Software
CVE-2018-8575

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Project
Office
Microsoft Project Server
Vendor
CVE Published:
14 November 2018

Summary

A remote code execution vulnerability has been identified in Microsoft Project software due to improper handling of objects in memory. This flaw can be exploited, allowing attackers to execute arbitrary code on affected systems. Users of Microsoft Project, Office 365 ProPlus, and Microsoft Project Server should take immediate precautions to safeguard their environments and apply security updates as they become available. This vulnerability poses significant risks, making awareness and proactive measures critical for affected users.

Affected Version(s)

Microsoft Project 2010 Service Pack 2 (32-bit editions)

Microsoft Project 2010 Service Pack 2 (64-bit editions)

Microsoft Project 2016 (32-bit edition)

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105807
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1042116
vdb-entryx_refsource_SECTRACK

EPSS Score

85% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.