CVE-2018-8627

Опубликовано: 12 дек. 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Средний

Описание

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.

Ссылки

http://www.securityfocus.com/bid/106120
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627
Patch
Vendor Advisory
http://www.securityfocus.com/bid/106120
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*

cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*

cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*

cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19881

Средний

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-908

Связанные уязвимости

CVE-2018-8627

msrc

больше 6 лет назад

Microsoft Excel Information Disclosure Vulnerability

GHSA-jq29-w2g2-mrm3

CVSS3: 5.5

github

больше 3 лет назад

BDU:2018-01635

CVSS3: 5.3

fstec