Microsoft CVE-2018-0950: Microsoft Office Information Disclosure Vulnerability

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: Apr 10, 2018
Added: Apr 10, 2018
Modified: Aug 21, 2019

Description

An information disclosure vulnerability exists in how Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.

To exploit the vulnerability, an attacker would have to send an RTF-formatted email to a user and convince the user to open or preview the email. A connection to a remote SMB server could then be initiated automatically, enabling the attacker to brute-force the corresponding NTLM challenge and response in order to disclose the corresponding password hash.

The security update addresses the vulnerability by correcting how Office processes OLE objects.

Solutions

msft-kb4018347-06cc22a2-1001-42da-8739-68396fc0d67f
msft-kb4018347-7f47c53b-db37-494f-8101-29e3541b353c
msft-kb4018354-6f83ae0a-b693-4ae2-a6fd-ab40d06efe99
msft-kb4018355-117b0737-185c-48a6-a0f1-c2793a9d1841
msft-kb4018357-207130f6-3078-4c1f-9cb9-0174168aaf66
msft-kb4018357-5d4a2663-13d8-4338-bc0e-0b0c56f133bb
msft-kb4018359-3787da0b-ce95-4911-a5df-1c7e262aa4b4
msft-kb4018359-6dafe5bd-f78e-4cde-bb3d-a610c31185f7