github - ghsa-j3w6-wp45-9wrf

ghsa-j3w6-wp45-9wrf

Vulnerability from github

Published

2022-05-13 01:21

Modified

2022-05-13 01:21

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-8575"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-14T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka \"Microsoft Project Remote Code Execution Vulnerability.\" This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.",
  "id": "GHSA-j3w6-wp45-9wrf",
  "modified": "2022-05-13T01:21:00Z",
  "published": "2022-05-13T01:21:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8575"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105807"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1042116"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2018-8575

Vulnerability from cvelistv5

Published

2018-11-14 01:00

Modified

2024-08-05 07:02

Severity ?

Summary

A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.

References

▼	URL	Tags
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105807	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1042116	vdb-entry, x_refsource_SECTRACK

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft Project
	Microsoft	Office
	Microsoft	Microsoft Project Server

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:02:25.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575"
          },
          {
            "name": "105807",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105807"
          },
          {
            "name": "1042116",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042116"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Project",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            }
          ]
        },
        {
          "product": "Office",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "365 ProPlus for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "365 ProPlus for 64-bit Systems"
            }
          ]
        },
        {
          "product": "Microsoft Project Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit edition)"
            }
          ]
        }
      ],
      "datePublic": "2018-11-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka \"Microsoft Project Remote Code Execution Vulnerability.\" This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-14T10:57:02",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575"
        },
        {
          "name": "105807",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105807"
        },
        {
          "name": "1042116",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042116"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8575",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Project",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "365 ProPlus for 32-bit Systems"
                          },
                          {
                            "version_value": "365 ProPlus for 64-bit Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Project Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2013 Service Pack 1 (32-bit edition)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit edition)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka \"Microsoft Project Remote Code Execution Vulnerability.\" This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575"
            },
            {
              "name": "105807",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105807"
            },
            {
              "name": "1042116",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042116"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8575",
    "datePublished": "2018-11-14T01:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T07:02:25.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.