CVE-2018-8173 - A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to proper

CVE-2018-8173

Summary

A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPath Remote Code Execution Vulnerability." This affects Microsoft Infopath.

References

http://www.securityfocus.com/bid/104069
http://www.securitytracker.com/id/1040855
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173

Vulnerable Configurations

cpe:2.3:a:microsoft:infopath:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:infopath:2013:sp1:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	104069
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8173
sectrack	1040855

Last major update

24-08-2020 - 17:37

Published

09-05-2018 - 19:29

Last modified

24-08-2020 - 17:37