ID CVE-2018-8247
Summary An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
msbulletin via4
bulletin_SOURCE_FILE https://portal.msrc.microsoft.com/api/security-guidance/en-us/
cves_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247
impact Elevation of Privilege
knowledgebase_SOURCE_FILE
knowledgebase_id
name Microsoft Office Web Apps Server 2013 Service Pack 1
publishedDate 2018-06-12T07:00:00
severity Important
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS18_JUN_OFFICE_WEB.NASL
description The Microsoft Office Online Server or Microsoft Office Web Apps installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. (CVE-2018-8247)
last seen 2018-06-13
modified 2018-06-12
plugin id 110498
published 2018-06-12
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=110498
title Security Updates for Microsoft Office Online Server and Microsoft Office Web Apps (June 2018)
refmap via4
bid 104319
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8247
sectrack 1041104
Last major update 14-06-2018 - 08:29
Published 14-06-2018 - 08:29
Last modified 15-06-2018 - 21:29
Back to Top