Remote Code Execution Vulnerability in Microsoft Excel
CVE-2018-8577

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Office
Microsoft Excel
Microsoft Excel Viewer
Excel
Vendor
CVE Published:
14 November 2018

Summary

A remote code execution vulnerability arises in Microsoft Excel when the application inadequately manages objects in memory. Attackers can exploit this flaw to execute arbitrary code in the context of the user, potentially leading to unauthorized operations within the affected software. This vulnerability impacts multiple Microsoft products, including Excel, Office, and Office 365 ProPlus, emphasizing the importance of implementing timely security updates to mitigate risks.

Affected Version(s)

Excel Services on Microsoft SharePoint Server 2010 Service Pack 2

Microsoft Excel 2010 Service Pack 2 (32-bit editions)

Microsoft Excel 2010 Service Pack 2 (64-bit editions)

References

http://www.securityfocus.com/bid/105834
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1042134
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

85% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.