CVE-2018-8575

Published: Nov 14, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.

Affected (4)

Products: Microsoft: Office 365 Proplus, Project

2 products

Office 365 Proplus

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office 365 Proplus	All versions
Microsoft Project	Version 2010 sp2
Microsoft Project	Version 2013 sp1
Microsoft Project	Version 2016

References (6)

http://www.securityfocus.com/bid/105807

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1042116

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/bid/105807

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1042116

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.