CVE-2018-8378

CVE Database · CVE-2018-8378

CVE-2018-8378

· N/AModified

CVSS v3.1

N/A

EPSS

6.85%

Published

Aug 15, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.

Weaknesses (CWE)

CWE-125CWE-908

Affected Products (15)

microsoft · excel_viewervulnerable

microsoft · officevulnerable

microsoft · office_compatibility_packvulnerable

microsoft · office_web_appsvulnerable

microsoft · office_word_viewervulnerable

References (4)

http://www.securityfocus.com/bid/104996

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378

PatchVendor Advisory

http://www.securityfocus.com/bid/104996

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs