Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-0919
HistoryMar 14, 2018 - 5:29 p.m.

CVE-2018-0919

2018-03-1417:29:02
CWE-908
CWE-125
[email protected]
web.nvd.nist.gov
44
2
microsoft office
information disclosure
vulnerability
cve-2018-0919
nvd
security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.3%

JSON

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka “Microsoft Office Information Disclosure Vulnerability”.

Affected configurations

Vulners
NVD
Node
microsoft_corporationmicrosoft_office

CNA Affected

[
  {
    "product": "Microsoft Office",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016"
      }
    ]
  }
]

Social References

More

Related

mskb 10
openvas 5
nvd 1
prion 1
cvelist 1
symantec 1
mscve 1
nessus 5
kaspersky 1
talosblog 1
trendmicroblog 1
mskb
mskb
Description of the security update for Word 2016: March 13, 2018
2018-03-13 07:00:00
Description of the security update for Word 2010: March 13, 2018
2018-03-13 07:00:00
Description of the security update for SharePoint Server 2010: March 13, 2018
2018-03-13 07:00:00
openvas
openvas
Microsoft Word 2016 Information Disclosure Vulnerability (KB4011730)
2018-03-14 00:00:00
Microsoft Office Web Apps Server 2013 RCE And Information Disclosure Vulnerabilities (KB4011692)
2018-03-14 00:00:00
Microsoft Office Web Apps 2010 Service Pack 2 Multiple Vulnerabilities (KB4011709)
2018-03-14 00:00:00
nvd
nvd
CVE-2018-0919
2018-03-14 17:29:02
prion
prion
Information disclosure
2018-03-14 17:29:00
cvelist
cvelist
CVE-2018-0919
2018-03-14 00:00:00
symantec
symantec
Microsoft Office CVE-2018-0919 Information Disclosure Vulnerability
2018-03-13 00:00:00
mscve
mscve
Microsoft Office Information Disclosure Vulnerability
2018-03-13 07:00:00
nessus
nessus
Security Update for Microsoft Office (March 2018) (macOS)
2018-03-13 00:00:00
Security Updates for Microsoft Office Online Server and Microsoft Office Web Apps (March 2018)
2018-03-13 00:00:00
Security Updates for Microsoft Office Products (March 2018)
2018-03-13 00:00:00
kaspersky
kaspersky
KLA11213 Multiple vulnerabilities in Microsoft Office
2018-03-13 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - March 2018
2018-03-13 14:38:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 12, 2018
2018-03-16 15:14:43

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.3%

JSON
Related for CVE-2018-0919
mskb10openvas5nvd1prion1cvelist1symantec1mscve1nessus5kaspersky1talosblog1trendmicroblog1