Lucene search

[email protected]CVE-2018-8427

HistoryOct 10, 2018 - 1:29 p.m.

CVE-2018-8427

2018-10-1013:29:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2018-8427

information disclosure

microsoft

graphics components

memory handling

office

windows server

powerpoint viewer

excel viewer

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.5%

JSON

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka “Microsoft Graphics Components Information Disclosure Vulnerability.” This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.

VendorProductVersionCPE
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftoffice_word_viewer*cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*
microsoftwindows_server_200832-bit Systems Service Pack 2cpe:2.3:o:microsoft:windows_server_2008:32-bit Systems Service Pack 2:*:*:*:*:*:*:*
microsoftwindows_server_200832-bit Systems Service Pack 2 (Server Core installation)cpe:2.3:o:microsoft:windows_server_2008:32-bit Systems Service Pack 2 (Server Core installation):*:*:*:*:*:*:*
microsoftwindows_server_2008Itanium-Based Systems Service Pack 2cpe:2.3:o:microsoft:windows_server_2008:Itanium-Based Systems Service Pack 2:*:*:*:*:*:*:*
microsoftwindows_server_2008x64-based Systems Service Pack 2cpe:2.3:o:microsoft:windows_server_2008:x64-based Systems Service Pack 2:*:*:*:*:*:*:*
microsoftwindows_server_2008x64-based Systems Service Pack 2 (Server Core installation)cpe:2.3:o:microsoft:windows_server_2008:x64-based Systems Service Pack 2 (Server Core installation):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	office_word_viewer	*	cpe:2.3:a:microsoft:office_word_viewer::::::::
microsoft	windows_server_2008	32-bit Systems Service Pack 2	cpe:2.3:o:microsoft:windows_server_2008:32-bit Systems Service Pack 2:::::::*
microsoft	windows_server_2008	32-bit Systems Service Pack 2 (Server Core installation)	cpe:2.3:o:microsoft:windows_server_2008:32-bit Systems Service Pack 2 (Server Core installation):::::::*
microsoft	windows_server_2008	Itanium-Based Systems Service Pack 2	cpe:2.3:o:microsoft:windows_server_2008:Itanium-Based Systems Service Pack 2:::::::*
microsoft	windows_server_2008	x64-based Systems Service Pack 2	cpe:2.3:o:microsoft:windows_server_2008:x64-based Systems Service Pack 2:::::::*
microsoft	windows_server_2008	x64-based Systems Service Pack 2 (Server Core installation)	cpe:2.3:o:microsoft:windows_server_2008:x64-based Systems Service Pack 2 (Server Core installation):::::::*