CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2018-1028 | Microsoft Office Graphics Remote Code Execution Vulnerability | Microsoft Office | Important | 11-04-2018 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system.
Detailed Information on the risk:
There are multiple ways an attacker could exploit this vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability and then convince a user to view the website.
Further information on this exploit is available at : CVE-2018-1028
Affected Software
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2016
Excel Services on Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1