CVE-2018-8265
Vulnerability from cvelistv5
Published
2018-10-10 13:00
Modified
2024-08-05 06:46
Severity
Summary
A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.
References
Source | URL | Tags |
---|---|---|
secure@microsoft.com | http://www.securityfocus.com/bid/105491 | Third Party Advisory, VDB Entry |
secure@microsoft.com | http://www.securitytracker.com/id/1041836 | Third Party Advisory, VDB Entry |
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8265 | Patch, Vendor Advisory |
Impacted products
Vendor | Product |
---|---|
Microsoft | Microsoft Exchange Server |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:46:13.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105491", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105491" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8265" }, { "name": "1041836", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041836" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Exchange Server", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2013 Cumulative Update 21" }, { "status": "affected", "version": "2016 Cumulative Update 10" } ] } ], "datePublic": "2018-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka \"Microsoft Exchange Remote Code Execution Vulnerability.\" This affects Microsoft Exchange Server." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T09:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "105491", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105491" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8265" }, { "name": "1041836", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041836" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8265", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Exchange Server", "version": { "version_data": [ { "version_value": "2013 Cumulative Update 21" }, { "version_value": "2016 Cumulative Update 10" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka \"Microsoft Exchange Remote Code Execution Vulnerability.\" This affects Microsoft Exchange Server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "105491", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105491" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8265", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8265" }, { "name": "1041836", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041836" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8265", "datePublished": "2018-10-10T13:00:00", "dateReserved": "2018-03-14T00:00:00", "dateUpdated": "2024-08-05T06:46:13.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-8265\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-10-10T13:29:01.087\",\"lastModified\":\"2019-10-03T00:03:26.223\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka \\\"Microsoft Exchange Remote Code Execution Vulnerability.\\\" This affects Microsoft Exchange Server.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo cuando el software de Microsoft Exchange analiza mensajes de email especialmente manipulados. Esto tambi\u00e9n se conoce como \\\"Microsoft Exchange Remote Code Execution Vulnerability\\\". Esto afecta a Microsoft Exchange Server.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.3},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B560F8FD-068E-4A16-A37F-A62DCE88FCF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105491\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041836\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8265\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
Loading...