Vulnerability Details : CVE-2018-8310
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.
Products affected by CVE-2018-8310
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*
- cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*
- cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-8310
0.99%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-8310
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2018-8310
-
http://www.securitytracker.com/id/1041274
Microsoft Outlook Attachment Handling Flaw Lets Remote Users Embed Untrusted Fonts in the Body of an Email - SecurityTrackerThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8310
CVE-2018-8310 | Microsoft Office Tampering VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/104615
Microsoft Office CVE-2018-8310 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to