Lucene search

MicrosoftCVE-2018-8574

HistoryNov 14, 2018 - 1:29 a.m.

CVE-2018-8574

2018-11-1401:29:01

microsoft

web.nvd.nist.gov

microsoft excel

vulnerability

remote code execution

cve-2018-8574

office 365 proplus

microsoft office

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.183

Percentile

96.3%

JSON

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8577.

Affected configurations

Nvd

Vulners

Node

microsoftofficeMatch2016

microsoftofficeMatch2016mac_os_x

microsoftofficeMatch2019

microsoftofficeMatch2019macos

microsoftoffice_365_proplusMatch-

VendorProductVersionCPE
microsoftoffice2016cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
microsoftoffice2016cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*
microsoftoffice2019cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
microsoftoffice2019cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*
microsoftoffice_365_proplus-cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2016	cpe:2.3:a:microsoft:office:2016:::::::*
microsoft	office	2016	cpe:2.3:a:microsoft:office:2016:::::mac_os_x::
microsoft	office	2019	cpe:2.3:a:microsoft:office:2019:::::::*
microsoft	office	2019	cpe:2.3:a:microsoft:office:2019:::::macos::
microsoft	office_365_proplus	-	cpe:2.3:a:microsoft:office_365_proplus:-:::::::*

CNA Affected

[
  {
    "product": "Microsoft Office",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2016 for Mac"
      },
      {
        "status": "affected",
        "version": "2019 for 32-bit editions"
      },
      {
        "status": "affected",
        "version": "2019 for 64-bit editions"
      },
      {
        "status": "affected",
        "version": "2019 for Mac"
      }
    ]
  },
  {
    "product": "Office",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "365 ProPlus for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "365 ProPlus for 64-bit Systems"
      }
    ]
  },
  {
    "product": "Microsoft Excel",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2016 (32-bit edition)"
      },
      {
        "status": "affected",
        "version": "2016 (64-bit edition)"
      }
    ]
  }
]