Description
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information or execute arbitrary code.
Below is a complete list of vulnerabilities:
- An incorrect handling of requests in Microsoft SharePoint Server can be exploited remotely via a specially designed request to gain privileges;
- Multiple improper handling of objects in memory vulnerabilities in Microsoft Excel can be exploited locally via a specially designed document file to execute arbitrary code or obtain sensitive information;
- An incorrect handling of requests in Office Web Apps Server 2013 and Office Online Server can be exploited remotely via a specially designed request to gain privileges;
- An incorrect OLE objects instantiation in Microsoft Publisher can be exploited remotely via a specially designed request to gain privileges;
- An improper validation of attachment headers in Microsoft Outlook can be exploited remotely via a specially designed e-main message to gain privileges.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
- CVE-2018-8254 warning
- CVE-2018-8248 critical
- CVE-2018-8246 warning
- CVE-2018-8252 warning
- CVE-2018-8247 high
- CVE-2018-8245 high
- CVE-2018-8244 warning
KB list
- 4022209
- 4022197
- 3115248
- 4022182
- 4022179
- 4022205
- 4022190
- 4022199
- 3115197
- 4022196
- 4022174
- 4022173
- 4022160
- 4022151
- 4011186
- 4011026
- 4018387
- 4022210
- 4022169
- 4022177
- 4018391
- 4022183
- 4022191
- 4022203
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!