4.3

CVE-2018-0919

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability".

Data is provided by the National Vulnerability Database (NVD)
MicrosoftOffice Version2010 Updatesp2
MicrosoftOffice Version2016 SwPlatformmac_os_x
MicrosoftOffice Version2016 SwEditionclick-to-run
MicrosoftOffice Web Apps Version2010 Updatesp2
MicrosoftOffice Web Apps Server Version2013 Updatesp1
MicrosoftSharepoint Enterprise Server Version2013 Updatesp1
MicrosoftSharepoint Server Version2010 Updatesp2
MicrosoftWord Version2010 Updatesp2
MicrosoftWord Version2013 Updatesp1
MicrosoftWord Version2013 Updatesp1 SwEditionrt
MicrosoftWord Version2016
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 10.96% 0.931
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

http://www.securityfocus.com/bid/103311
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040526
Third Party Advisory
VDB Entry