vulnerability

Microsoft CVE-2018-8245: Microsoft Publisher Remote Code Execution Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Jun 12, 2018	Jun 12, 2018	Aug 20, 2019

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Jun 12, 2018

Added

Jun 12, 2018

Modified

Aug 20, 2019

Description

A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone.
To exploit the vulnerability, the attacker could send a specially crafted Publisher document to a victim. The user would then need to open the document in Publisher to trigger the vulnerability.
This update addresses the vulnerability by ensuring that Publisher properly utilizes built-in OS functionality to lock down the Local Machine zone.

Solutions

msft-kb4011186-4564150c-2ab1-42e4-a135-105b924dc45dmsft-kb4011186-ea59b9dc-1c78-42c5-8b66-4284680400ae

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today