CVE-2018-8378

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*
cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server_2013:-:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*

History

No history.

Information

Published : 2018-08-15 17:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-8378

Mitre link : CVE-2018-8378

CVE.ORG link : CVE-2018-8378


JSON object : View

Products Affected

microsoft

  • office_compatibility_pack
  • office_word_viewer
  • sharepoint_enterprise_server_2013
  • word_automation_services
  • office_web_apps
  • office
  • excel_viewer
  • sharepoint_enterprise_server_2016
  • sharepoint_server
CWE
CWE-125

Out-of-bounds Read

CWE-908

Use of Uninitialized Resource