CVE-2018-1007 - An information disclosure vulnerability exists when Microsoft Office improperly discloses the conten

CVE-2018-1007

Summary

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-0950.

References

http://www.securityfocus.com/bid/103640
http://www.securitytracker.com/id/1040654
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1007

Vulnerable Configurations

cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:N/A:N

refmap via4

bid	103640
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1007
sectrack	1040654

Last major update

24-08-2020 - 17:37

Published

12-04-2018 - 01:29

Last modified

24-08-2020 - 17:37