Home

CVE-2018-8378

Description

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka Microsoft Office Information Disclosure Vulnerability. This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
26.94

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2010 (KB3213636) 32-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2010 (KB3213636) 64-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2016 (KB4032233) 64-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB4032256)Windows
Microsoft Office Information Disclosure Vulnerability for Word Viewer (KB4092433)Windows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office Viewers Microsoft Office Compatibility Pack (KB4022195)Windows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2013 (KB4032239) 32-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office Web Apps Server 2013 (KB4022238)Windows
Microsoft Office Information Disclosure Vulnerability for Word Viewer (KB4092434)Windows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2013 (KB4032239) 64-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2016 (KB4032233) 32-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Web Applications (KB4032220)Windows
Microsoft Office Information Disclosure Vulnerability for Microsoft SharePoint Server 2010 (KB4032215)Windows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2010 (KB4022198) 32-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft Office 2010 (KB4022198) 64-Bit EditionWindows
Microsoft Office Information Disclosure Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB4022234)Windows
Microsoft Office Information Disclosure Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB4018392)Windows
Microsoft Office Information Disclosure Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB4022236)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-25077Security Update for Microsoft Office 2010 (KB3213636) 32-Bit Edition
PATCH-25078Security Update for Microsoft Office 2010 (KB3213636) 64-Bit Edition
PATCH-25091Security Update for Microsoft Office 2016 (KB4032233) 64-Bit Edition
PATCH-25094Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4032256)
PATCH-25095Security Update for Word Viewer (KB4092433)
PATCH-25069Security Update for Microsoft Office Viewers Microsoft Office Compatibility Pack (KB4022195)
PATCH-25084Security Update for Microsoft Office 2013 (KB4032239) 32-Bit Edition
PATCH-25138Security Update for Word Viewer (KB4092434)
PATCH-25156Security Update for Microsoft Office 2013 (KB4032239) 64-Bit Edition
PATCH-25158Security Update for Microsoft Office 2016 (KB4032233) 32-Bit Edition
PATCH-25076Security Update for Microsoft Web Applications (KB4032220)
PATCH-25071Security Update for Microsoft SharePoint Server 2010 (KB4032215)
PATCH-25088Security Update for Microsoft SharePoint Enterprise Server 2013 (KB4022234)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234