
CVE-2018-1028

2018-04-12 01:29:10
CWE-94
microsoft
web.nvd.nist.gov
cve, 2018, 1028, office, graphics, remote code execution, vulnerability, microsoft office, word, excel, sharepoint, sharepoint server, nvd

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 8.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.3
Confidence: High

EPSS: 0.135
Percentile: 95.7%

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka “Microsoft Office Graphics Remote Code Execution Vulnerability.” This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

Affected configurations

Node (any of the following match):
microsoft excel_services, Match -
OR microsoft office, Match 2013 sp1
OR microsoft office, Match 2013_rt sp1
OR microsoft office, Match 2016
OR microsoft office_2010 sp2
OR microsoft office_web_apps, Match 2010 sp2
OR microsoft office_web_apps, Match 2013 sp1
OR microsoft sharepoint_enterprise_server, Match 2013 sp1
OR microsoft sharepoint_enterprise_server, Match 2016
OR microsoft word_automation_services, Match -

Vendor | Product | Version | CPE
microsoft | excel_services | - | cpe:2.3:a:microsoft:excel_services:-:*:*:*:*:*:*:*
microsoft | office | 2013 | cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
microsoft | office | 2013_rt | cpe:2.3:a:microsoft:office:2013_rt:sp1:*:*:*:*:*:*
microsoft | office | 2016 | cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
microsoft | office_2010 | * | cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*
microsoft | office_web_apps | 2010 | cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
microsoft | office_web_apps | 2013 | cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*
microsoft | sharepoint_enterprise_server | 2013 | cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*
microsoft | sharepoint_enterprise_server | 2016 | cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
microsoft | word_automation_services | - | cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Word",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
      },
      {
        "status": "affected",
        "version": "Automation Services on Microsoft SharePoint Server 2013 Service Pack 1"
      }
    ]
  },
  {
    "product": "Microsoft Office",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2010 Service Pack 2 (32-bit editions)"
      },
      {
        "status": "affected",
        "version": "2010 Service Pack 2 (64-bit editions)"
      },
      {
        "status": "affected",
        "version": "2013 RT Service Pack 1"
      },
      {
        "status": "affected",
        "version": "2013 Service Pack 1 (32-bit editions)"
      },
      {
        "status": "affected",
        "version": "2013 Service Pack 1 (64-bit editions)"
      },
      {
        "status": "affected",
        "version": "2016 (32-bit edition)"
      },
      {
        "status": "affected",
        "version": "2016 (64-bit edition)"
      },
      {
        "status": "affected",
        "version": "Web Apps 2010 Service Pack 2"
      },
      {
        "status": "affected",
        "version": "Web Apps Server 2013 Service Pack 1"
      }
    ]
  },
  {
    "product": "Microsoft SharePoint",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Enterprise Server 2016"
      }
    ]
  },
  {
    "product": "Excel",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Services on Microsoft SharePoint Enterprise Server 2013 Service Pack 1"
      }
    ]
  },
  {
    "product": "Microsoft SharePoint Server",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2013 Service Pack 1"
      }
    ]
  }
]
