CVE-2018-8627 - OpenCVE

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Office Compatibility Pack Office 365 Proplus Office Sharepoint Server Excel Viewer Excel

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:excel:2010:sp2::::::
	cpe:2.3:a:microsoft:excel:2013:sp1::::::
	cpe:2.3:a:microsoft:excel:2013:sp1:::rt:::*
	cpe:2.3:a:microsoft:excel:2016:::::::*
	cpe:2.3:a:microsoft:excel_viewer:2007:sp3::::::
	cpe:2.3:a:microsoft:office:2010:sp2::::::
	cpe:2.3:a:microsoft:office:2016:::::mac_os_x::
	cpe:2.3:a:microsoft:office:2019:::::::*
	cpe:2.3:a:microsoft:office:2019:::::macos::
	cpe:2.3:a:microsoft:office_365_proplus:-:::::::*
	cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3::::::
	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::

References

Link	Resource
http://www.securityfocus.com/bid/106120	Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2018-12-12T00:00:00

Updated: 2018-12-12T10:57:01

Reserved: 2018-03-14T00:00:00

Link: CVE-2018-8627

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-12-12T00:29:01.420

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-8627

JSON object: View

Redhat Information

No data.

CWE

CWE-908

{"containers": {"cna": {"affected": [{"product": "Microsoft Office", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2010 Service Pack 2 (32-bit editions)"}, {"status": "affected", "version": "2010 Service Pack 2 (64-bit editions)"}, {"status": "affected", "version": "2016 for Mac"}, {"status": "affected", "version": "2019 for 32-bit editions"}, {"status": "affected", "version": "2019 for 64-bit editions"}, {"status": "affected", "version": "2019 for Mac"}, {"status": "affected", "version": "Compatibility Pack Service Pack 3"}]}, {"product": "Microsoft Excel", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2010 Service Pack 2 (32-bit editions)"}, {"status": "affected", "version": "2010 Service Pack 2 (64-bit editions)"}, {"status": "affected", "version": "2013 RT Service Pack 1"}, {"status": "affected", "version": "2013 Service Pack 1 (32-bit editions)"}, {"status": "affected", "version": "2013 Service Pack 1 (64-bit editions)"}, {"status": "affected", "version": "2016 (32-bit edition)"}, {"status": "affected", "version": "2016 (64-bit edition)"}]}, {"product": "Microsoft Excel Viewer", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2007 Service Pack 3"}]}, {"product": "Excel", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Services on Microsoft SharePoint Server 2010 Service Pack 2"}]}, {"product": "Office", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "365 ProPlus for 32-bit Systems"}, {"status": "affected", "version": "365 ProPlus for 64-bit Systems"}]}], "datePublic": "2018-12-11T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-12T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"}, {"name": "106120", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106120"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8627", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Office", "version": {"version_data": [{"version_value": "2010 Service Pack 2 (32-bit editions)"}, {"version_value": "2010 Service Pack 2 (64-bit editions)"}, {"version_value": "2016 for Mac"}, {"version_value": "2019 for 32-bit editions"}, {"version_value": "2019 for 64-bit editions"}, {"version_value": "2019 for Mac"}, {"version_value": "Compatibility Pack Service Pack 3"}]}}, {"product_name": "Microsoft Excel", "version": {"version_data": [{"version_value": "2010 Service Pack 2 (32-bit editions)"}, {"version_value": "2010 Service Pack 2 (64-bit editions)"}, {"version_value": "2013 RT Service Pack 1"}, {"version_value": "2013 Service Pack 1 (32-bit editions)"}, {"version_value": "2013 Service Pack 1 (64-bit editions)"}, {"version_value": "2016 (32-bit edition)"}, {"version_value": "2016 (64-bit edition)"}]}}, {"product_name": "Microsoft Excel Viewer", "version": {"version_data": [{"version_value": "2007 Service Pack 3"}]}}, {"product_name": "Excel", "version": {"version_data": [{"version_value": "Services on Microsoft SharePoint Server 2010 Service Pack 2"}]}}, {"product_name": "Office", "version": {"version_data": [{"version_value": "365 ProPlus for 32-bit Systems"}, {"version_value": "365 ProPlus for 64-bit Systems"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"}, {"name": "106120", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106120"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8627", "datePublished": "2018-12-12T00:00:00", "dateReserved": "2018-03-14T00:00:00", "dateUpdated": "2018-12-12T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "E36D981E-E56D-46C7-9486-FC691A75C497", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "F564117D-450D-45C4-9688-AF35F630A8A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "matchCriteriaId": "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", "matchCriteriaId": "09BF0981-749E-470B-A7AC-95AD087797EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*", "matchCriteriaId": "E4635DA5-27DA-43FF-92AC-A9F80218A2F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "04435803-F25B-4384-8ADD-001E87F5813A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", "matchCriteriaId": "40961B9E-80B6-42E0-A876-58B3CE056E4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA035812-F35A-43F1-9A8D-EE02201AA10A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "71AF058A-2E5D-4B11-88DB-8903C64B13C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el software de Microsoft Excel lee memoria fuera de l\u00edmites debido a una variable no inicializada, que podr\u00eda divulgar el contenido de la memoria. Esto tambi\u00e9n se conoce como \"Microsoft Excel Information Disclosure Vulnerability\". Esto afecta a Microsoft Office, ffice 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer y Excel. El ID de este CVE es diferente de CVE-2018-8598."}], "id": "CVE-2018-8627", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-12T00:29:01.420", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106120"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}