ID CVE-2018-8332
Summary A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*
  • cpe:2.3:a:microsoft:office_for_mac:2016:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*
  • cpe:2.3:o:microsoft:windows_server:2008:r2:sp1:*:*:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server:2008:r2:sp1:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server:2008:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server:2012:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server:2012:r2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server:2016:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server:2016:1709:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server:2016:1803:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 105248
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8332
sectrack 1041628
Last major update 03-10-2019 - 00:03
Published 13-09-2018 - 00:29
Last modified 03-10-2019 - 00:03