← Back

CVE-2018-0919

nvd nist
Published: Mar 14, 2018Modified: Nov 21, 2024

JSON object

Loading...
3.3
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 1.8 / Impact: 1.4
Source: NVD

Description

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability".

Affected (13)

Microsoft
7 products
Office
Office Online Server
Office Web Apps
Office Web Apps Server
Sharepoint Enterprise Server
Sharepoint Server
Word
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Office
Version 2010 sp2
Office
Version 2016
Office
Version 2016
Office Online Server
Version 2016
Office Web Apps
Version 2010 sp2
Office Web Apps Server
Version 2013 sp1
Microsoft
Sharepoint Enterprise Server
Version 2013 sp1
Sharepoint Enterprise Server
Version 2016
Sharepoint Server
Version 2010 sp2
Microsoft
Word
Version 2010 sp2
Word
Version 2013 sp1
Word
Version 2013 sp1
Word
Version 2016

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References (6)

Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.