Home

CVE-2018-8628

Description

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka Microsoft PowerPoint Remote Code Execution Vulnerability. This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
34.534

Associated Vulnerability

VulnerabilityOS Platform
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft Office PowerPoint Viewer 2007 (KB2597975)Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft Office Web Apps Server 2013 (KB4461551)Windows
Microsoft SharePoint Information Disclosure Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB4461541)Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft Web Applications (KB2965312)Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft SharePoint Enterprise Server 2013 (KB4092472)Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft Office Compatibility Pack Service Pack 3 (KB4011207)Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft PowerPoint 2013 (KB4461481) 64-Bit EditionWindows
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft PowerPoint 2013 (KB4461481) 32-Bit EditionWindows
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft PowerPoint 2016 (KB4461532) 32-Bit EditionWindows
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft PowerPoint 2016 (KB4461532) 64-Bit EditionWindows
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft PowerPoint 2010 (KB4461521) 32-Bit EditionWindows
Microsoft PowerPoint Remote Code Execution Vulnerability for Microsoft PowerPoint 2010 (KB4461521) 64-Bit EditionWindows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2336)Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2336)Windows
Update for Office 365 Business Edition Semi-Annual Channel Version 1803 (Build 9126.2336)Windows
Update for Office 365 Business Edition Semi-Annual Channel Version 1803 (Build 9126.2336)Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Professional Plus Monthly Channel Version 1811 (Build 11029.20108)Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Professional Plus Monthly Channel Version 1811 (Build 11029.20108)Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Business Edition Monthly Channel Version 1811 (Build 11029.20108)Windows
Microsoft PowerPoint Remote Code Execution Vulnerability for Office 365 Business Edition Monthly Channel Version 1811 (Build 11029.20108)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-25779Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2597975)
PATCH-25778Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4461541)
PATCH-25755Security Update for Microsoft Web Applications (KB2965312)
PATCH-25780Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011207)
PATCH-25764Security Update for Microsoft PowerPoint 2013 (KB4461481) 64-Bit Edition
PATCH-25765Security Update for Microsoft PowerPoint 2013 (KB4461481) 32-Bit Edition
PATCH-25776Security Update for Microsoft PowerPoint 2016 (KB4461532) 32-Bit Edition
PATCH-25777Security Update for Microsoft PowerPoint 2016 (KB4461532) 64-Bit Edition
PATCH-25753Security Update for Microsoft PowerPoint 2010 (KB4461521) 32-Bit Edition
PATCH-25754Security Update for Microsoft PowerPoint 2010 (KB4461521) 64-Bit Edition
PATCH-25813Update for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2336)
PATCH-25815Update for Office 365 Professional Plus Semi-Annual Channel Version 1803 (Build 9126.2336)
PATCH-25805Update for Office 365 Professional Plus Monthly Channel Version 1811 (Build 11029.20108)
PATCH-25807Update for Office 365 Professional Plus Monthly Channel Version 1811 (Build 11029.20108)
PATCH-25809Update for Office 365 Business Edition Monthly Channel Version 1811 (Build 11029.20108)
PATCH-25811Update for Office 365 Business Edition Monthly Channel Version 1811 (Build 11029.20108)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234