Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8307: WordPad Security Feature Bypass Vulnerability


Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/10/2018
Created: 07/25/2018
Added: 07/10/2018
Modified: 11/18/2021

Description

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file. The security update addresses the vulnerability by correcting how Microsoft WordPad handles input.

Solution(s)

  • msft-kb4338814-1d730105-0adc-48b0-b97e-f99e48b0bc43
  • msft-kb4338814-3e8fbcc4-12ae-46d7-a550-98b36cf04be3
  • msft-kb4338814-c0b5b4ea-e32b-4bd3-8f5a-5d20c0d60b6c
  • msft-kb4338819-08527cb0-be58-4d15-8f32-45fb469e1e20
  • msft-kb4338819-9876f789-b78e-461c-aede-5719fef65c90
  • msft-kb4338819-a4a592f3-8cbf-465f-a51a-63e0e57ec72b
  • msft-kb4338820-42ded291-a440-4b4d-9efd-877384896802
  • msft-kb4338820-756f2788-66ec-4732-ab6d-10a889a37d64
  • msft-kb4338820-e053fade-ae8f-4e1b-a113-c319625bc13c
  • msft-kb4338823-350c8547-b462-47a7-9150-012b5e59cae5
  • msft-kb4338823-3c0a22dd-84e1-4d8d-bab0-9c1366320bb0
  • msft-kb4338823-aad98b57-eed4-4a0e-a44a-6ad82f339406
  • msft-kb4338823-b304c792-133a-4fa4-8f47-bac9153afd71
  • msft-kb4338823-b62a64f4-5072-4074-ac63-79ae61e0d4b0
  • msft-kb4338823-d5fa704a-bd09-4d9b-a68e-8da1fe2642f7
  • msft-kb4338824-007ce1f3-3a12-40ef-8389-322068b780a7
  • msft-kb4338824-4f051f3f-abd6-4d6d-8fbe-c78051dfe500
  • msft-kb4338824-5d49efb1-0497-4625-9504-474fceca16d8
  • msft-kb4338825-0839cfd6-8d2d-4902-86f9-c500c8c2012e
  • msft-kb4338825-b4d83549-b9d9-476e-a185-2cbcac3e6da5
  • msft-kb4338825-f09a0bc7-6651-458a-9781-7fc2aa78f77a
  • msft-kb4338826-5631f856-d323-46c6-9315-6009b1e15264
  • msft-kb4338826-68816a0f-47c2-40da-b3cd-f46bc468546e
  • msft-kb4338829-65462f35-2ae0-49e0-8271-65ae301cb886
  • msft-kb4338829-b156d204-e2b4-4f8a-baba-c2501be2b4c2
  • msft-kb4339291-07ef873f-fc26-45b4-8c03-890d359f2776
  • msft-kb4339291-95b79387-5fa5-4e7b-a312-8c458a878eae
  • msft-kb4339291-adf2fae3-4f80-442d-a698-8a4bb513dbfc
  • msft-kb4339291-d8f636d2-1021-425e-a021-6f5552b324da
