CVE-2018-8245 - A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that

CVE-2018-8245

Summary

A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher.

References

http://www.securityfocus.com/bid/104405
http://www.securitytracker.com/id/1041105
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8245

Vulnerable Configurations

cpe:2.3:a:microsoft:publisher:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:publisher:2010:sp2:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	104405
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8245
sectrack	1041105

Last major update

24-08-2020 - 17:37

Published

14-06-2018 - 12:29

Last modified

24-08-2020 - 17:37