vulnerability

Microsoft CVE-2018-8247: Microsoft Office Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Jun 12, 2018	Jun 12, 2018	Aug 20, 2019

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Jun 12, 2018

Added

Jun 12, 2018

Modified

Aug 20, 2019

Description

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
To exploit the vulnerability, an attacker could send an email message containing a malicious link to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. The user must click the malicious link for the vulnerability to be exploited.
The security update addresses the vulnerability by correcting how Office Web Apps Server 2013 and Office Online Server validate web requests.

Solutions

msft-kb4011026-67fd038a-a734-478a-8a4c-363273909153msft-kb4022183-1f39abc0-8132-43ab-8055-269b57e3d0f9msft-kb4022183-fc9a1f91-7142-4526-a233-0f6a0c7f1d69

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today