Lucene search

[email protected]CVE-2018-8432

HistoryOct 10, 2018 - 1:29 p.m.

CVE-2018-8432

2018-10-1013:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

microsoft

graphics components

remote code execution

vulnerability

windows 7

office

office 365 proplus

excel viewer

powerpoint viewer

windows server 2019

windows 10

nvd

cve-2018-8432

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.118 Low

EPSS

Percentile

95.2%

JSON

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka “Microsoft Graphics Components Remote Code Execution Vulnerability.” This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.

VendorProductVersionCPE
microsoftwindows_732-bit Systems Service Pack 1cpe:2.3:o:microsoft:windows_7:32-bit Systems Service Pack 1:*:*:*:*:*:*:*
microsoftwindows_7x64-based Systems Service Pack 1cpe:2.3:o:microsoft:windows_7:x64-based Systems Service Pack 1:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftoffice_word_viewer*cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*
microsoftexcel_viewer*cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*
microsoftpowerpoint_viewer2003cpe:2.3:a:microsoft:powerpoint_viewer:2003:*:*:*:*:*:*:*
microsoftwindows_server_2019(Server Core installation)cpe:2.3:o:microsoft:windows_server_2019:(Server Core installation):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_7	32-bit Systems Service Pack 1	cpe:2.3:o:microsoft:windows_7:32-bit Systems Service Pack 1:::::::*
microsoft	windows_7	x64-based Systems Service Pack 1	cpe:2.3:o:microsoft:windows_7:x64-based Systems Service Pack 1:::::::*
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	office_word_viewer	*	cpe:2.3:a:microsoft:office_word_viewer::::::::
microsoft	excel_viewer	*	cpe:2.3:a:microsoft:excel_viewer::::::::
microsoft	powerpoint_viewer	2003	cpe:2.3:a:microsoft:powerpoint_viewer:2003:::::::*
microsoft	windows_server_2019	(Server Core installation)	cpe:2.3:o:microsoft:windows_server_2019:(Server Core installation):::::::*