cvelistv5 - cve-2018-8627

CVE-2018-8627 (GCVE-0-2018-8627)

Vulnerability from cvelistv5 – Published: 2018-12-12 00:00 – Updated: 2024-08-05 07:02

Summary

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

microsoft

References

URL

Tags

	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/106120	vdb-entryx_refsource_BID

Impacted products

Vendor

Product

Version

Microsoft

Microsoft Office

Affected: 2010 Service Pack 2 (32-bit editions)
Affected: 2010 Service Pack 2 (64-bit editions)
Affected: 2016 for Mac
Affected: 2019 for 32-bit editions
Affected: 2019 for 64-bit editions
Affected: 2019 for Mac
Affected: Compatibility Pack Service Pack 3

Microsoft	Microsoft Excel	Affected: 2010 Service Pack 2 (32-bit editions) Affected: 2010 Service Pack 2 (64-bit editions) Affected: 2013 RT Service Pack 1 Affected: 2013 Service Pack 1 (32-bit editions) Affected: 2013 Service Pack 1 (64-bit editions) Affected: 2016 (32-bit edition) Affected: 2016 (64-bit edition)
Microsoft	Microsoft Excel Viewer	Affected: 2007 Service Pack 3
Microsoft	Excel	Affected: Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft	Office	Affected: 365 ProPlus for 32-bit Systems Affected: 365 ProPlus for 64-bit Systems

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:02:25.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
          },
          {
            "name": "106120",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106120"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Office",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2016 for Mac"
            },
            {
              "status": "affected",
              "version": "2019 for 32-bit editions"
            },
            {
              "status": "affected",
              "version": "2019 for 64-bit editions"
            },
            {
              "status": "affected",
              "version": "2019 for Mac"
            },
            {
              "status": "affected",
              "version": "Compatibility Pack Service Pack 3"
            }
          ]
        },
        {
          "product": "Microsoft Excel",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 RT Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            }
          ]
        },
        {
          "product": "Microsoft Excel Viewer",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2007 Service Pack 3"
            }
          ]
        },
        {
          "product": "Excel",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Services on Microsoft SharePoint Server 2010 Service Pack 2"
            }
          ]
        },
        {
          "product": "Office",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "365 ProPlus for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "365 ProPlus for 64-bit Systems"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-12T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
        },
        {
          "name": "106120",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106120"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8627",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2016 for Mac"
                          },
                          {
                            "version_value": "2019 for 32-bit editions"
                          },
                          {
                            "version_value": "2019 for 64-bit editions"
                          },
                          {
                            "version_value": "2019 for Mac"
                          },
                          {
                            "version_value": "Compatibility Pack Service Pack 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Excel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 RT Service Pack 1"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          },
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Excel Viewer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2007 Service Pack 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Excel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Services on Microsoft SharePoint Server 2010 Service Pack 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "365 ProPlus for 32-bit Systems"
                          },
                          {
                            "version_value": "365 ProPlus for 64-bit Systems"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
            },
            {
              "name": "106120",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106120"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8627",
    "datePublished": "2018-12-12T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T07:02:25.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E36D981E-E56D-46C7-9486-FC691A75C497\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F564117D-450D-45C4-9688-AF35F630A8A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*\", \"matchCriteriaId\": \"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09BF0981-749E-470B-A7AC-95AD087797EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4635DA5-27DA-43FF-92AC-A9F80218A2F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"081DE1E3-4622-4C32-8B9C-9AEC1CD20638\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*\", \"matchCriteriaId\": \"04435803-F25B-4384-8ADD-001E87F5813A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF177984-A906-43FA-BF60-298133FBBD6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*\", \"matchCriteriaId\": \"40961B9E-80B6-42E0-A876-58B3CE056E4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA035812-F35A-43F1-9A8D-EE02201AA10A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"71AF058A-2E5D-4B11-88DB-8903C64B13C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \\\"Microsoft Excel Information Disclosure Vulnerability.\\\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n cuando el software de Microsoft Excel lee memoria fuera de l\\u00edmites debido a una variable no inicializada, que podr\\u00eda divulgar el contenido de la memoria. Esto tambi\\u00e9n se conoce como \\\"Microsoft Excel Information Disclosure Vulnerability\\\". Esto afecta a Microsoft Office, ffice 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer y Excel. El ID de este CVE es diferente de CVE-2018-8598.\"}]",
      "id": "CVE-2018-8627",
      "lastModified": "2024-11-21T04:14:08.547",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-12-12T00:29:01.420",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/106120\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/106120\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-908\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8627\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-12-12T00:29:01.420\",\"lastModified\":\"2024-11-21T04:14:08.547\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \\\"Microsoft Excel Information Disclosure Vulnerability.\\\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el software de Microsoft Excel lee memoria fuera de l\u00edmites debido a una variable no inicializada, que podr\u00eda divulgar el contenido de la memoria. Esto tambi\u00e9n se conoce como \\\"Microsoft Excel Information Disclosure Vulnerability\\\". Esto afecta a Microsoft Office, ffice 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer y Excel. El ID de este CVE es diferente de CVE-2018-8598.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E36D981E-E56D-46C7-9486-FC691A75C497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F564117D-450D-45C4-9688-AF35F630A8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*\",\"matchCriteriaId\":\"3A062169-527E-43DA-8AE0-FD4FBA1B2A9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09BF0981-749E-470B-A7AC-95AD087797EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4635DA5-27DA-43FF-92AC-A9F80218A2F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"081DE1E3-4622-4C32-8B9C-9AEC1CD20638\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*\",\"matchCriteriaId\":\"04435803-F25B-4384-8ADD-001E87F5813A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF177984-A906-43FA-BF60-298133FBBD6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"40961B9E-80B6-42E0-A876-58B3CE056E4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA035812-F35A-43F1-9A8D-EE02201AA10A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"71AF058A-2E5D-4B11-88DB-8903C64B13C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106120\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2018-8627

Vulnerability from fkie_nvd - Published: 2018-12-12 00:29 - Updated: 2024-11-21 04:14

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/106120	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106120	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	excel	2010
microsoft	excel	2013
microsoft	excel	2013
microsoft	excel	2016
microsoft	excel_viewer	2007
microsoft	office	2010
microsoft	office	2016
microsoft	office	2019
microsoft	office	2019
microsoft	office_365_proplus	-
microsoft	office_compatibility_pack	-
microsoft	sharepoint_server	2010

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
              "matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
              "matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*",
              "matchCriteriaId": "40961B9E-80B6-42E0-A876-58B3CE056E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el software de Microsoft Excel lee memoria fuera de l\u00edmites debido a una variable no inicializada, que podr\u00eda divulgar el contenido de la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Information Disclosure Vulnerability\". Esto afecta a Microsoft Office, ffice 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer y Excel. El ID de este CVE es diferente de CVE-2018-8598."
    }
  ],
  "id": "CVE-2018-8627",
  "lastModified": "2024-11-21T04:14:08.547",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-12T00:29:01.420",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106120"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JQ29-W2G2-MRM3

Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-8627"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-12T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.",
  "id": "GHSA-jq29-w2g2-mrm3",
  "modified": "2022-05-13T01:21:03Z",
  "published": "2022-05-13T01:21:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8627"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106120"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2018-AVI-595

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft SharePoint Server 2013 Service Pack 1
Microsoft	Office	Microsoft Outlook 2016 (édition 32 bits)
Microsoft	Office	Office 365 ProPlus pour systèmes 32 bits
Microsoft	Office	Microsoft Excel 2013 RT Service Pack 1
Microsoft	Office	Microsoft PowerPoint 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	Office	Microsoft PowerPoint 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft Office 2019 pour Mac
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Excel Services
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	Office	Office Online Server
Microsoft	Office	Microsoft Office 2016 pour Mac
Microsoft	Office	Microsoft PowerPoint 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office Web Apps 2013 Service Pack 1
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft PowerPoint Viewer
Microsoft	Office	Microsoft Office Compatibility Pack Service Pack 3
Microsoft	Office	Microsoft Excel 2016 (édition 32 bits)
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Excel 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft SharePoint Enterprise Server 2016
Microsoft	Office	Microsoft PowerPoint 2016 (édition 64 bits)
Microsoft	Office	Microsoft Outlook 2016 (édition 64 bits)
Microsoft	Office	Microsoft Excel 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft PowerPoint 2016 (édition 32 bits)
Microsoft	Office	Microsoft Outlook 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft Office Web Apps 2010 Service Pack 2
Microsoft	Office	Microsoft Excel 2016 (édition 64 bits)
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft PowerPoint 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Outlook 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft PowerPoint 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Office 365 ProPlus pour 64 bits Systems
Microsoft	Office	Microsoft Excel Viewer 2007 Service Pack 3
Microsoft	Office	Microsoft SharePoint Server 2019
Microsoft	Office	Microsoft SharePoint Server 2010 Service Pack 2
Microsoft	Office	Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft	Office	Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft	Office	Microsoft Outlook 2013 RT Service Pack 1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 11 décembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft SharePoint Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 365 ProPlus pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Excel Services",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office Online Server",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint Viewer",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 365 ProPlus pour 64 bits Systems",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel Viewer 2007 Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8636"
    },
    {
      "name": "CVE-2018-8627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8627"
    },
    {
      "name": "CVE-2018-8635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8635"
    },
    {
      "name": "CVE-2018-8587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8587"
    },
    {
      "name": "CVE-2018-8580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8580"
    },
    {
      "name": "CVE-2018-8628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8628"
    },
    {
      "name": "CVE-2018-8650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8650"
    },
    {
      "name": "CVE-2018-8598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8598"
    },
    {
      "name": "CVE-2018-8597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8597"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-595",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 d\u00e9cembre 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2018-AVI-595

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft SharePoint Server 2013 Service Pack 1
Microsoft	Office	Microsoft Outlook 2016 (édition 32 bits)
Microsoft	Office	Office 365 ProPlus pour systèmes 32 bits
Microsoft	Office	Microsoft Excel 2013 RT Service Pack 1
Microsoft	Office	Microsoft PowerPoint 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	Office	Microsoft PowerPoint 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft Office 2019 pour Mac
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Excel Services
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	Office	Office Online Server
Microsoft	Office	Microsoft Office 2016 pour Mac
Microsoft	Office	Microsoft PowerPoint 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office Web Apps 2013 Service Pack 1
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft PowerPoint Viewer
Microsoft	Office	Microsoft Office Compatibility Pack Service Pack 3
Microsoft	Office	Microsoft Excel 2016 (édition 32 bits)
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Excel 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft SharePoint Enterprise Server 2016
Microsoft	Office	Microsoft PowerPoint 2016 (édition 64 bits)
Microsoft	Office	Microsoft Outlook 2016 (édition 64 bits)
Microsoft	Office	Microsoft Excel 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft PowerPoint 2016 (édition 32 bits)
Microsoft	Office	Microsoft Outlook 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft Office Web Apps 2010 Service Pack 2
Microsoft	Office	Microsoft Excel 2016 (édition 64 bits)
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft PowerPoint 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Outlook 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft PowerPoint 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Office 365 ProPlus pour 64 bits Systems
Microsoft	Office	Microsoft Excel Viewer 2007 Service Pack 3
Microsoft	Office	Microsoft SharePoint Server 2019
Microsoft	Office	Microsoft SharePoint Server 2010 Service Pack 2
Microsoft	Office	Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft	Office	Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft	Office	Microsoft Outlook 2013 RT Service Pack 1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 11 décembre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft SharePoint Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 365 ProPlus pour syst\u00e8mes 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Excel Services",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office Online Server",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint Viewer",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Compatibility Pack Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft PowerPoint 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Office 365 ProPlus pour 64 bits Systems",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel Viewer 2007 Service Pack 3",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8636"
    },
    {
      "name": "CVE-2018-8627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8627"
    },
    {
      "name": "CVE-2018-8635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8635"
    },
    {
      "name": "CVE-2018-8587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8587"
    },
    {
      "name": "CVE-2018-8580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8580"
    },
    {
      "name": "CVE-2018-8628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8628"
    },
    {
      "name": "CVE-2018-8650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8650"
    },
    {
      "name": "CVE-2018-8598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8598"
    },
    {
      "name": "CVE-2018-8597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8597"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-595",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 d\u00e9cembre 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GSD-2018-8627

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-8627

Aliases

CVE-2018-8627

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8627",
    "description": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.",
    "id": "GSD-2018-8627"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8627"
      ],
      "details": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.",
      "id": "GSD-2018-8627",
      "modified": "2023-12-13T01:22:34.598075Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2018-8627",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Office",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2010 Service Pack 2 (32-bit editions)"
                        },
                        {
                          "version_value": "2010 Service Pack 2 (64-bit editions)"
                        },
                        {
                          "version_value": "2016 for Mac"
                        },
                        {
                          "version_value": "2019 for 32-bit editions"
                        },
                        {
                          "version_value": "2019 for 64-bit editions"
                        },
                        {
                          "version_value": "2019 for Mac"
                        },
                        {
                          "version_value": "Compatibility Pack Service Pack 3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Excel",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2010 Service Pack 2 (32-bit editions)"
                        },
                        {
                          "version_value": "2010 Service Pack 2 (64-bit editions)"
                        },
                        {
                          "version_value": "2013 RT Service Pack 1"
                        },
                        {
                          "version_value": "2013 Service Pack 1 (32-bit editions)"
                        },
                        {
                          "version_value": "2013 Service Pack 1 (64-bit editions)"
                        },
                        {
                          "version_value": "2016 (32-bit edition)"
                        },
                        {
                          "version_value": "2016 (64-bit edition)"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Excel Viewer",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2007 Service Pack 3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Excel",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Services on Microsoft SharePoint Server 2010 Service Pack 2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Office",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "365 ProPlus for 32-bit Systems"
                        },
                        {
                          "version_value": "365 ProPlus for 64-bit Systems"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
          },
          {
            "name": "106120",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106120"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8627"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-908"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"
            },
            {
              "name": "106120",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106120"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2018-12-12T00:29Z"
    }
  }
}

CNVD-2019-02779

Vulnerability from cnvd - Published: 2019-01-23

Title

Microsoft Excel信息泄露漏洞（CNVD-2019-02779）

Description

Microsoft Excel是微软公司的办公软件Microsoft office的组件之一，是由Microsoft为Windows和Apple Macintosh操作系统的电脑而编写和运行的一款试算表软件。 Microsoft Excel存在信息泄露漏洞。该漏洞源于Microsoft Excel因一个未初始化的变量而存在内存越界读取。攻击者可利用该漏洞获取内存内容。

Severity

中

Patch Name

Microsoft Excel信息泄露漏洞（CNVD-2019-02779）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627 https://www.securityfocus.com/bid/106120

Impacted products

Name
Microsoft Excel 2010

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": [
      {
        "cveNumber": "CVE-2018-8627"
      },
      {
        "cveNumber": "106120"
      }
    ]
  },
  "description": "Microsoft Excel\u662f\u5fae\u8f6f\u516c\u53f8\u7684\u529e\u516c\u8f6f\u4ef6Microsoft office\u7684\u7ec4\u4ef6\u4e4b\u4e00\uff0c\u662f\u7531Microsoft\u4e3aWindows\u548cApple Macintosh\u64cd\u4f5c\u7cfb\u7edf\u7684\u7535\u8111\u800c\u7f16\u5199\u548c\u8fd0\u884c\u7684\u4e00\u6b3e\u8bd5\u7b97\u8868\u8f6f\u4ef6\u3002\n\nMicrosoft Excel\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eMicrosoft Excel\u56e0\u4e00\u4e2a\u672a\u521d\u59cb\u5316\u7684\u53d8\u91cf\u800c\u5b58\u5728\u5185\u5b58\u8d8a\u754c\u8bfb\u53d6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5185\u5b58\u5185\u5bb9\u3002",
  "discovererName": "Yangkang(@dnpushme) \u0026 Jinquan(@jq0904) of Qihoo360 CoreSecurity(@360CoreSec)",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-02779",
  "openTime": "2019-01-23",
  "patchDescription": "Microsoft Excel\u662f\u5fae\u8f6f\u516c\u53f8\u7684\u529e\u516c\u8f6f\u4ef6Microsoft office\u7684\u7ec4\u4ef6\u4e4b\u4e00\uff0c\u662f\u7531Microsoft\u4e3aWindows\u548cApple Macintosh\u64cd\u4f5c\u7cfb\u7edf\u7684\u7535\u8111\u800c\u7f16\u5199\u548c\u8fd0\u884c\u7684\u4e00\u6b3e\u8bd5\u7b97\u8868\u8f6f\u4ef6\u3002\r\n\r\nMicrosoft Excel\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eMicrosoft Excel\u56e0\u4e00\u4e2a\u672a\u521d\u59cb\u5316\u7684\u53d8\u91cf\u800c\u5b58\u5728\u5185\u5b58\u8d8a\u754c\u8bfb\u53d6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5185\u5b58\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Excel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-02779\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Excel 2010"
  },
  "referenceLink": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627\r\nhttps://www.securityfocus.com/bid/106120",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-12",
  "title": "Microsoft Excel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-02779\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-8627 (GCVE-0-2018-8627)

FKIE_CVE-2018-8627

GHSA-JQ29-W2G2-MRM3

CERTFR-2018-AVI-595

Solution

CERTFR-2018-AVI-595

Solution

GSD-2018-8627

CNVD-2019-02779

Tags

Sightings

Nomenclature