Remote Code Execution Vulnerability in Microsoft Project Software
CVE-2018-8575

7.8HIGH

Key Information:

Vendor

Microsoft
Status
Microsoft Project
Office
Microsoft Project Server
Vendor
CVE Published:
14 November 2018

What is CVE-2018-8575?

A remote code execution vulnerability has been identified in Microsoft Project software due to improper handling of objects in memory. This flaw can be exploited, allowing attackers to execute arbitrary code on affected systems. Users of Microsoft Project, Office 365 ProPlus, and Microsoft Project Server should take immediate precautions to safeguard their environments and apply security updates as they become available. This vulnerability poses significant risks, making awareness and proactive measures critical for affected users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Microsoft Project 2010 Service Pack 2 (32-bit editions)

Microsoft Project 2010 Service Pack 2 (64-bit editions)

Microsoft Project 2016 (32-bit edition)

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105807
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1042116
vdb-entryx_refsource_SECTRACK

EPSS Score

24% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.