9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.293 Low
EPSS
Percentile
96.9%
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information and execute arbitrary code.
Below is a complete list of vulnerabilities:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats
CVE-2018-1028 critical
CVE-2018-0950 warning
CVE-2018-1014 warning
CVE-2018-1034 warning
CVE-2018-1027 critical
CVE-2018-1029 critical
CVE-2018-1032 warning
CVE-2018-1030 critical
CVE-2018-1026 critical
CVE-2018-1005 warning
CVE-2018-1011 critical
CVE-2018-1007 warning
CVE-2018-0920 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
support.microsoft.com/kb/4011586
support.microsoft.com/kb/4011628
support.microsoft.com/kb/4011712
support.microsoft.com/kb/4011717
support.microsoft.com/kb/4011719
support.microsoft.com/kb/4018288
support.microsoft.com/kb/4018311
support.microsoft.com/kb/4018319
support.microsoft.com/kb/4018328
support.microsoft.com/kb/4018330
support.microsoft.com/kb/4018336
support.microsoft.com/kb/4018337
support.microsoft.com/kb/4018339
support.microsoft.com/kb/4018341
support.microsoft.com/kb/4018342
support.microsoft.com/kb/4018343
support.microsoft.com/kb/4018344
support.microsoft.com/kb/4018347
support.microsoft.com/kb/4018350
support.microsoft.com/kb/4018353
support.microsoft.com/kb/4018354
support.microsoft.com/kb/4018355
support.microsoft.com/kb/4018356
support.microsoft.com/kb/4018357
support.microsoft.com/kb/4018359
support.microsoft.com/kb/4018360
support.microsoft.com/kb/4018362
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0920
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0950
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1005
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1007
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1011
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1014
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1026
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1027
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1029
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1030
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1032
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1034
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Word/
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.293 Low
EPSS
Percentile
96.9%