CVE-2018-8427 - OpenCVE

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Excel Viewer Office Office 365 Proplus Office Compatibility Pack Office Word Viewer Powerpoint Viewer Windows Server 2008

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:excel_viewer:2007:sp3::::::
	cpe:2.3:a:microsoft:office:2016:::::mac_os_x::
	cpe:2.3:a:microsoft:office:2019:::::::*
	cpe:2.3:a:microsoft:office_365_proplus:-:::::::*
	cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3::::::
	cpe:2.3:a:microsoft:office_word_viewer:-:::::::*
	cpe:2.3:a:microsoft:powerpoint_viewer:2007:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105453
http://www.securitytracker.com/id/1041823
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2018-10-10T13:00:00

Updated: 2024-08-05T06:54:36.426Z

Reserved: 2018-03-14T00:00:00

Link: CVE-2018-8427

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-10-10T13:29:02.167

Modified: 2018-11-27T16:04:58.607

Link: CVE-2018-8427

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Microsoft Office", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2016 for Mac"}, {"status": "affected", "version": "2019 for 32-bit editions"}, {"status": "affected", "version": "2019 for 64-bit editions"}, {"status": "affected", "version": "Compatibility Pack Service Pack 3"}]}, {"product": "Microsoft Office Word Viewer", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Microsoft Office Word Viewer"}]}, {"product": "Windows Server 2008", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "32-bit Systems Service Pack 2"}, {"status": "affected", "version": "32-bit Systems Service Pack 2 (Server Core installation)"}, {"status": "affected", "version": "Itanium-Based Systems Service Pack 2"}, {"status": "affected", "version": "x64-based Systems Service Pack 2"}, {"status": "affected", "version": "x64-based Systems Service Pack 2 (Server Core installation)"}]}, {"product": "Microsoft PowerPoint Viewer", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2007"}]}, {"product": "Office", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "365 ProPlus for 32-bit Systems"}, {"status": "affected", "version": "365 ProPlus for 64-bit Systems"}]}, {"product": "Microsoft Excel Viewer", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2007 Service Pack 3"}]}], "datePublic": "2018-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T09:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1041823", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041823"}, {"name": "105453", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105453"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8427", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Office", "version": {"version_data": [{"version_value": "2016 for Mac"}, {"version_value": "2019 for 32-bit editions"}, {"version_value": "2019 for 64-bit editions"}, {"version_value": "Compatibility Pack Service Pack 3"}]}}, {"product_name": "Microsoft Office Word Viewer", "version": {"version_data": [{"version_value": "Microsoft Office Word Viewer"}]}}, {"product_name": "Windows Server 2008", "version": {"version_data": [{"version_value": "32-bit Systems Service Pack 2"}, {"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"}, {"version_value": "Itanium-Based Systems Service Pack 2"}, {"version_value": "x64-based Systems Service Pack 2"}, {"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"}]}}, {"product_name": "Microsoft PowerPoint Viewer", "version": {"version_data": [{"version_value": "2007"}]}}, {"product_name": "Office", "version": {"version_data": [{"version_value": "365 ProPlus for 32-bit Systems"}, {"version_value": "365 ProPlus for 64-bit Systems"}]}}, {"product_name": "Microsoft Excel Viewer", "version": {"version_data": [{"version_value": "2007 Service Pack 3"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "1041823", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041823"}, {"name": "105453", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105453"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:54:36.426Z"}, "title": "CVE Program Container", "references": [{"name": "1041823", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041823"}, {"name": "105453", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105453"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8427", "datePublished": "2018-10-10T13:00:00", "dateReserved": "2018-03-14T00:00:00", "dateUpdated": "2024-08-05T06:54:36.426Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*", "matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*", "matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint_viewer:2007:*:*:*:*:*:*:*", "matchCriteriaId": "2D744C6F-DEFB-4EC5-B635-2EE7DC7C07F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el componente Windows Graphics de Microsoft gestiona los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Graphics Components Information Disclosure Vulnerability\". Esto afecta a Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer y Microsoft Excel Viewer."}], "id": "CVE-2018-8427", "lastModified": "2018-11-27T16:04:58.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-10T13:29:02.167", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105453"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041823"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}