Home

CVE-2018-8432

Description

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka Microsoft Graphics Components Remote Code Execution Vulnerability. This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.

Risk Information

Base Score
5.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
28.958

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Graphics Components Information Disclosure Vulnerability for Windows Server 2008 for x86-based Systems (KB4463104)Windows
Microsoft Graphics Components Information Disclosure Vulnerability for Windows Server 2008 for x64-based Systems (KB4463104)Windows
Microsoft Graphics Components Information Disclosure Vulnerability for Windows Server 2008 for x64-based Systems (KB4463097)Windows
Microsoft Graphics Components Information Disclosure Vulnerability for Windows Server 2008 for x86-based Systems (KB4463097)Windows
Windows Kernel Elevation of Privilege Vulnerability for Windows 10 Version 1809 for x64-based Systems (KB4464330) - CumulativeWindows
Windows Kernel Elevation of Privilege Vulnerability for Windows 10 Version 1809 for x86-based Systems (KB4464330) - CumulativeWindows
Microsoft JET Database Engine Remote Code Execution Vulnerability for Windows 7 for x64-based Systems (KB4462915)Windows
Microsoft JET Database Engine Remote Code Execution Vulnerability for Windows 7 for x86-based Systems (KB4462915)Windows
Microsoft JET Database Engine Remote Code Execution Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4462915)Windows
Microsoft JET Database Engine Remote Code Execution Vulnerability for Windows 7 for x64-based Systems (KB4462923)Windows
Microsoft JET Database Engine Remote Code Execution Vulnerability for Windows 7 for x86-based Systems (KB4462923)Windows
Microsoft JET Database Engine Remote Code Execution Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4462923)Windows
Microsoft Graphics Components Information Disclosure Vulnerability for Word Viewer (KB4092464)Windows
Microsoft Graphics Components Information Disclosure Vulnerability for Microsoft Office Viewers Microsoft Office Compatibility Pack (KB4092444)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-253482018-10 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB4463104)
PATCH-253492018-10 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB4463104)
PATCH-253922018-10 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB4463097)
PATCH-253932018-10 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB4463097)
PATCH-253572018-10 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4464330)
PATCH-253582018-10 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB4464330)
PATCH-253542018-10 Security Only Quality Update for Windows 7 for x64-based Systems (KB4462915)
PATCH-253552018-10 Security Only Quality Update for Windows 7 for x86-based Systems (KB4462915)
PATCH-253562018-10 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4462915)
PATCH-253982018-10 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4462923)
PATCH-253992018-10 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4462923)
PATCH-254002018-10 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4462923)
PATCH-25445Security Update for Word Viewer (KB4092464)
PATCH-25401Security Update for Microsoft Office Viewers Microsoft Office Compatibility Pack (KB4092444)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234