CVE-2018-8539 : A remote code execution vulnerability exists in Microsoft Word software when it

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from CVE-2018-8573.

Published 2018-11-14 01:29:01

Updated 2020-08-24 17:37:01

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2018-8539

Microsoft » Office » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Sharepoint Server » Version: 2010 Update SP2
cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office Web Apps » Version: 2010 Update SP2
cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-8539

EPSS FAQ

16.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-8539

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2018-8539

http://www.securitytracker.com/id/1042112

Microsoft Word File Processing Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/105835

Microsoft Word CVE-2018-8539 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8539

CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2018-8539

Products affected by CVE-2018-8539

Exploit prediction scoring system (EPSS) score for CVE-2018-8539

CVSS scores for CVE-2018-8539

References for CVE-2018-8539