cvelistv5 - cve-2018-8173

CVE-2018-8173 (GCVE-0-2018-8173)

Vulnerability from cvelistv5 – Published: 2018-05-09 19:00 – Updated: 2024-08-05 06:46

Summary

A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPath Remote Code Execution Vulnerability." This affects Microsoft Infopath.

Severity ?

No CVSS data available.

CWE

Elevation of Privilege

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/104069	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1040855	vdb-entryx_refsource_SECTRACK
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft	Microsoft Infopath	Affected: 2013 Service Pack 1 (32-bit edition) Affected: 2013 Service Pack 1 (64-bit edition)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104069",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104069"
          },
          {
            "name": "1040855",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040855"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Infopath",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit edition)"
            }
          ]
        }
      ],
      "datePublic": "2018-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka \"Microsoft InfoPath Remote Code Execution Vulnerability.\" This affects Microsoft Infopath."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-10T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "104069",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104069"
        },
        {
          "name": "1040855",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040855"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8173",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Infopath",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2013 Service Pack 1 (32-bit edition)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit edition)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka \"Microsoft InfoPath Remote Code Execution Vulnerability.\" This affects Microsoft Infopath."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104069",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104069"
            },
            {
              "name": "1040855",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040855"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8173",
    "datePublished": "2018-05-09T19:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:infopath:2013:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1273DC0-2188-4D5C-963D-761683B93A5A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka \\\"Microsoft InfoPath Remote Code Execution Vulnerability.\\\" This affects Microsoft Infopath.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo en el software de Microsoft InfoPath cuando no gestiona correctamente objetos en la memoria. Esto tambi\\u00e9n se conoce como \\\"Microsoft InfoPath Remote Code Execution Vulnerability\\\". Esto afecta a Microsoft Infopath.\"}]",
      "id": "CVE-2018-8173",
      "lastModified": "2024-11-21T04:13:24.120",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-05-09T19:29:02.870",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/104069\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040855\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104069\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040855\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8173\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-05-09T19:29:02.870\",\"lastModified\":\"2024-11-21T04:13:24.120\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka \\\"Microsoft InfoPath Remote Code Execution Vulnerability.\\\" This affects Microsoft Infopath.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software de Microsoft InfoPath cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \\\"Microsoft InfoPath Remote Code Execution Vulnerability\\\". Esto afecta a Microsoft Infopath.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:infopath:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1273DC0-2188-4D5C-963D-761683B93A5A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104069\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040855\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040855\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2018-8173

Vulnerability from fkie_nvd - Published: 2018-05-09 19:29 - Updated: 2024-11-21 04:13

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/104069	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1040855	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104069	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040855	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	infopath	2013

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:infopath:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C1273DC0-2188-4D5C-963D-761683B93A5A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka \"Microsoft InfoPath Remote Code Execution Vulnerability.\" This affects Microsoft Infopath."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software de Microsoft InfoPath cuando no gestiona correctamente objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft InfoPath Remote Code Execution Vulnerability\". Esto afecta a Microsoft Infopath."
    }
  ],
  "id": "CVE-2018-8173",
  "lastModified": "2024-11-21T04:13:24.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-09T19:29:02.870",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104069"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040855"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2018-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une divulgation d'informations, une élévation de privilèges, une exécution de code à distance et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Infopath 2013 Service Pack 1 (édition 64 bits)
Microsoft	N/A	ChakraCore
Microsoft	Azure	C# SDK pour Azure IoT
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 20
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 19
Microsoft	N/A	Microsoft Exchange Server 2013 Service Pack 1
Microsoft	N/A	Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 9
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 8
Microsoft	Azure	Java SDK pour Azure IoT
Microsoft	N/A	Microsoft Infopath 2013 Service Pack 1 (édition 32 bits)
Microsoft	Azure	C SDK pour Azure IoT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 08 mai 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Infopath 2013 Service Pack 1 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C# SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Java SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Infopath 2013 Service Pack 1 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0946"
    },
    {
      "name": "CVE-2018-8153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8153"
    },
    {
      "name": "CVE-2018-0954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0954"
    },
    {
      "name": "CVE-2018-8151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8151"
    },
    {
      "name": "CVE-2018-8178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8178"
    },
    {
      "name": "CVE-2018-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0945"
    },
    {
      "name": "CVE-2018-8137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8137"
    },
    {
      "name": "CVE-2018-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0953"
    },
    {
      "name": "CVE-2018-8173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8173"
    },
    {
      "name": "CVE-2018-8128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8128"
    },
    {
      "name": "CVE-2018-8133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8133"
    },
    {
      "name": "CVE-2018-8177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8177"
    },
    {
      "name": "CVE-2018-8119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8119"
    },
    {
      "name": "CVE-2018-8159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8159"
    },
    {
      "name": "CVE-2018-8130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8130"
    },
    {
      "name": "CVE-2018-8152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8152"
    },
    {
      "name": "CVE-2018-8139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8139"
    },
    {
      "name": "CVE-2018-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0943"
    },
    {
      "name": "CVE-2018-8145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8145"
    },
    {
      "name": "CVE-2018-8154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8154"
    },
    {
      "name": "CVE-2018-1022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1022"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-223",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une \u00e9l\u00e9vation de\nprivil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et une usurpation\nd\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 mai 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2018-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Infopath 2013 Service Pack 1 (édition 64 bits)
Microsoft	N/A	ChakraCore
Microsoft	Azure	C# SDK pour Azure IoT
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 20
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 19
Microsoft	N/A	Microsoft Exchange Server 2013 Service Pack 1
Microsoft	N/A	Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 9
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 8
Microsoft	Azure	Java SDK pour Azure IoT
Microsoft	N/A	Microsoft Infopath 2013 Service Pack 1 (édition 32 bits)
Microsoft	Azure	C SDK pour Azure IoT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 08 mai 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Infopath 2013 Service Pack 1 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C# SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Java SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Infopath 2013 Service Pack 1 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0946"
    },
    {
      "name": "CVE-2018-8153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8153"
    },
    {
      "name": "CVE-2018-0954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0954"
    },
    {
      "name": "CVE-2018-8151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8151"
    },
    {
      "name": "CVE-2018-8178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8178"
    },
    {
      "name": "CVE-2018-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0945"
    },
    {
      "name": "CVE-2018-8137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8137"
    },
    {
      "name": "CVE-2018-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0953"
    },
    {
      "name": "CVE-2018-8173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8173"
    },
    {
      "name": "CVE-2018-8128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8128"
    },
    {
      "name": "CVE-2018-8133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8133"
    },
    {
      "name": "CVE-2018-8177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8177"
    },
    {
      "name": "CVE-2018-8119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8119"
    },
    {
      "name": "CVE-2018-8159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8159"
    },
    {
      "name": "CVE-2018-8130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8130"
    },
    {
      "name": "CVE-2018-8152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8152"
    },
    {
      "name": "CVE-2018-8139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8139"
    },
    {
      "name": "CVE-2018-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0943"
    },
    {
      "name": "CVE-2018-8145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8145"
    },
    {
      "name": "CVE-2018-8154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8154"
    },
    {
      "name": "CVE-2018-1022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1022"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-223",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une \u00e9l\u00e9vation de\nprivil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et une usurpation\nd\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 mai 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GHSA-332W-5CHW-JPV3

Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-8173"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-09T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka \"Microsoft InfoPath Remote Code Execution Vulnerability.\" This affects Microsoft Infopath.",
  "id": "GHSA-332w-5chw-jpv3",
  "modified": "2022-05-13T01:20:41Z",
  "published": "2022-05-13T01:20:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8173"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104069"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040855"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-10738

Vulnerability from cnvd - Published: 2018-05-31

Title

Microsoft InfoPath远程代码执行漏洞

Description

Microsoft InfoPath 2013 SP1是美国微软（Microsoft）公司的一套基于XML技术的搜集信息和制作表单工具。该工具支持设计和填写电子表单，收集、管理和共享业务流程，以及从外部数据库资源调用资料绑定到表格控制元件等。 Microsoft InfoPath 2013 SP1中存在远程代码执行漏洞，该漏洞源于程序未能正确的处理内存中的对象。远程攻击者可借助特制的文件利用该漏洞在当前用户的上下文中执行任意代码。

Severity

高

Patch Name

Microsoft InfoPath远程代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173

Impacted products

Name
Microsoft InfoPath 2013 SP1

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104069"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8173"
    }
  },
  "description": "Microsoft InfoPath 2013 SP1\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eXML\u6280\u672f\u7684\u641c\u96c6\u4fe1\u606f\u548c\u5236\u4f5c\u8868\u5355\u5de5\u5177\u3002\u8be5\u5de5\u5177\u652f\u6301\u8bbe\u8ba1\u548c\u586b\u5199\u7535\u5b50\u8868\u5355\uff0c\u6536\u96c6\u3001\u7ba1\u7406\u548c\u5171\u4eab\u4e1a\u52a1\u6d41\u7a0b\uff0c\u4ee5\u53ca\u4ece\u5916\u90e8\u6570\u636e\u5e93\u8d44\u6e90\u8c03\u7528\u8d44\u6599\u7ed1\u5b9a\u5230\u8868\u683c\u63a7\u5236\u5143\u4ef6\u7b49\u3002\r\n\r\nMicrosoft InfoPath 2013 SP1\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5185\u5b58\u4e2d\u7684\u5bf9\u8c61\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-10738",
  "openTime": "2018-05-31",
  "patchDescription": "Microsoft InfoPath 2013 SP1\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eXML\u6280\u672f\u7684\u641c\u96c6\u4fe1\u606f\u548c\u5236\u4f5c\u8868\u5355\u5de5\u5177\u3002\u8be5\u5de5\u5177\u652f\u6301\u8bbe\u8ba1\u548c\u586b\u5199\u7535\u5b50\u8868\u5355\uff0c\u6536\u96c6\u3001\u7ba1\u7406\u548c\u5171\u4eab\u4e1a\u52a1\u6d41\u7a0b\uff0c\u4ee5\u53ca\u4ece\u5916\u90e8\u6570\u636e\u5e93\u8d44\u6e90\u8c03\u7528\u8d44\u6599\u7ed1\u5b9a\u5230\u8868\u683c\u63a7\u5236\u5143\u4ef6\u7b49\u3002\r\n\r\nMicrosoft InfoPath 2013 SP1\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5185\u5b58\u4e2d\u7684\u5bf9\u8c61\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft InfoPath\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft InfoPath 2013 SP1"
  },
  "referenceLink": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173",
  "serverity": "\u9ad8",
  "submitTime": "2018-05-10",
  "title": "Microsoft InfoPath\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

GSD-2018-8173

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-8173

Aliases

CVE-2018-8173

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8173",
    "description": "A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka \"Microsoft InfoPath Remote Code Execution Vulnerability.\" This affects Microsoft Infopath.",
    "id": "GSD-2018-8173"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8173"
      ],
      "details": "A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka \"Microsoft InfoPath Remote Code Execution Vulnerability.\" This affects Microsoft Infopath.",
      "id": "GSD-2018-8173",
      "modified": "2023-12-13T01:22:34.926322Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2018-8173",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Infopath",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2013 Service Pack 1 (32-bit edition)"
                        },
                        {
                          "version_value": "2013 Service Pack 1 (64-bit edition)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka \"Microsoft InfoPath Remote Code Execution Vulnerability.\" This affects Microsoft Infopath."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104069",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104069"
          },
          {
            "name": "1040855",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040855"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:infopath:2013:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8173"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka \"Microsoft InfoPath Remote Code Execution Vulnerability.\" This affects Microsoft Infopath."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173"
            },
            {
              "name": "1040855",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040855"
            },
            {
              "name": "104069",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104069"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2018-05-09T19:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-8173 (GCVE-0-2018-8173)

FKIE_CVE-2018-8173

CERTFR-2018-AVI-223

Solution

CERTFR-2018-AVI-223

Solution

GHSA-332W-5CHW-JPV3

CNVD-2018-10738

GSD-2018-8173

Tags

Sightings

Nomenclature