CVE-2018-8597

Description

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka Microsoft Excel Remote Code Execution Vulnerability. This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636.

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

31.336

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB4461559) 64-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2013 (KB4461559) 32-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB4461542) 32-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2016 (KB4461542) 64-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2010 (KB4461570) 32-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office 2010 (KB4461570) 64-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2010 (KB4461577) 64-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Excel 2010 (KB4461577) 32-Bit Edition	Windows
Microsoft Excel Remote Code Execution Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB4461565)	Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2336)	Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2336)	Windows
Update for Office 365 Business Edition Semi-Annual Channel Version 1803 (Build 9126.2336)	Windows
Update for Office 365 Business Edition Semi-Annual Channel Version 1803 (Build 9126.2336)	Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Professional Plus Monthly Channel Version 1811 (Build 11029.20108)	Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Professional Plus Monthly Channel Version 1811 (Build 11029.20108)	Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Business Edition Monthly Channel Version 1811 (Build 11029.20108)	Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Business Edition Monthly Channel Version 1811 (Build 11029.20108)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-25762	Security Update for Microsoft Excel 2013 (KB4461559) 64-Bit Edition
PATCH-25763	Security Update for Microsoft Excel 2013 (KB4461559) 32-Bit Edition
PATCH-25772	Security Update for Microsoft Excel 2016 (KB4461542) 32-Bit Edition
PATCH-25773	Security Update for Microsoft Excel 2016 (KB4461542) 64-Bit Edition
PATCH-25751	Security Update for Microsoft Excel 2010 (KB4461577) 64-Bit Edition
PATCH-25752	Security Update for Microsoft Excel 2010 (KB4461577) 32-Bit Edition
PATCH-25781	Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4461565)
PATCH-25813	Update for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2336)
PATCH-25815	Update for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2336)
PATCH-25805	Update for Office 365 Professional Plus Monthly Channel Version 1811 (Build 11029.20108)
PATCH-25807	Update for Office 365 Professional Plus Monthly Channel Version 1811 (Build 11029.20108)
PATCH-25809	Update for Office 365 Business Edition Monthly Channel Version 1811 (Build 11029.20108)
PATCH-25811	Update for Office 365 Business Edition Monthly Channel Version 1811 (Build 11029.20108)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234