9.3
CVE-2018-1028
- EPSS 34.49%
- Published 12.04.2018 01:29:10
- Last modified 21.11.2024 03:59:01
- Source secure@microsoft.com
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.
Data provided by the National Vulnerability Database (NVD)
Microsoft ≫ Excel Services Version -
Microsoft ≫ Office 2010 Update sp2
Microsoft ≫ Office Web Apps Version 2010 Update sp2
Microsoft ≫ Office Web Apps Version 2013 Update sp1
Microsoft ≫ Sharepoint Enterprise Server Version 2013 Update sp1
Microsoft ≫ Sharepoint Enterprise Server Version 2016
Microsoft ≫ Word Automation Services Version -
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 34.49% | 0.969 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
nvd@nist.gov | 9.3 | 8.6 | 10 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.