CVE-2018-8427
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.
Existe una vulnerabilidad de divulgación de información cuando el componente Windows Graphics de Microsoft gestiona los objetos en la memoria. Esto también se conoce como "Microsoft Graphics Components Information Disclosure Vulnerability". Esto afecta a Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer y Microsoft Excel Viewer.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-03-14 CVE Reserved
- 2018-10-10 CVE Published
- 2024-08-05 CVE Updated
- 2024-09-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105453 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041823 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427 | 2018-11-27 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Excel Viewer Search vendor "Microsoft" for product "Excel Viewer" | 2007 Search vendor "Microsoft" for product "Excel Viewer" and version "2007" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2016 Search vendor "Microsoft" for product "Office" and version "2016" | mac_os_x |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Search vendor "Microsoft" for product "Office" | 2019 Search vendor "Microsoft" for product "Office" and version "2019" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office 365 Proplus Search vendor "Microsoft" for product "Office 365 Proplus" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Compatibility Pack Search vendor "Microsoft" for product "Office Compatibility Pack" | - | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Office Word Viewer Search vendor "Microsoft" for product "Office Word Viewer" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Powerpoint Viewer Search vendor "Microsoft" for product "Powerpoint Viewer" | 2007 Search vendor "Microsoft" for product "Powerpoint Viewer" and version "2007" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2 |
Affected
| ||||||