Описание
Microsoft Office Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
To exploit the vulnerability, an attacker could send an email message containing a malicious link to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. The user must click the malicious link for the vulnerability to be exploited.
The security update addresses the vulnerability by correcting how Office Web Apps Server 2013 and Office Online Server validate web requests.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Office Web Apps Server 2013 Service Pack 1 | ||
| Microsoft Office Online Server 2016 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.
EPSS