cnvd - cnvd-2018-20734

cnvd-2018-20734

Vulnerability from cnvd

Title: Microsoft Windows Graphics组件信息泄露漏洞（CNVD-2018-20734）

Description:

Microsoft Windows Server 2008 SP2等都是美国微软（Microsoft）公司的产品。Microsoft Windows Server 2008 SP2是一套服务器使用的操作系统。PowerPoint Viewer 2007是一款演示文稿处理程序。Graphics Components是其中的一个图形组件。

Microsoft Windows Graphics组件中对内存对象的处理方式存在信息泄露漏洞。攻击者可借助特制的文件利用该漏洞获取信息。

Severity: 中

Patch Name: Microsoft Windows Graphics组件信息泄露漏洞（CNVD-2018-20734）的补丁

Patch Description:

Microsoft Windows Graphics组件中对内存对象的处理方式存在信息泄露漏洞。攻击者可借助特制的文件利用该漏洞获取信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2018-8427

Reference: https://www.securityfocus.com/bid/105453 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8427

Impacted products

Name
['Microsoft Windows Server 2008 SP2', 'Microsoft Microsoft Office Word Viewer', 'Microsoft Office 2016 for Mac', 'Microsoft Excel Viewer 2007 SP3', 'Microsoft PowerPoint Viewer 2007', 'Microsoft Office 2019']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105453"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8427"
    }
  },
  "description": "Microsoft Windows Server 2008 SP2\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft Windows Server 2008 SP2\u662f\u4e00\u5957\u670d\u52a1\u5668\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002PowerPoint Viewer 2007\u662f\u4e00\u6b3e\u6f14\u793a\u6587\u7a3f\u5904\u7406\u7a0b\u5e8f\u3002Graphics Components\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u56fe\u5f62\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Windows Graphics\u7ec4\u4ef6\u4e2d\u5bf9\u5185\u5b58\u5bf9\u8c61\u7684\u5904\u7406\u65b9\u5f0f\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "discovererName": "Lin Wang of Beihang University",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2018-8427",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20734",
  "openTime": "2018-10-12",
  "patchDescription": "Microsoft Windows Server 2008 SP2\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft Windows Server 2008 SP2\u662f\u4e00\u5957\u670d\u52a1\u5668\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002PowerPoint Viewer 2007\u662f\u4e00\u6b3e\u6f14\u793a\u6587\u7a3f\u5904\u7406\u7a0b\u5e8f\u3002Graphics Components\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u56fe\u5f62\u7ec4\u4ef6\u3002\r\n\r\nMicrosoft Windows Graphics\u7ec4\u4ef6\u4e2d\u5bf9\u5185\u5b58\u5bf9\u8c61\u7684\u5904\u7406\u65b9\u5f0f\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Graphics\u7ec4\u4ef6\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-20734\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 SP2",
      "Microsoft Microsoft Office Word Viewer",
      "Microsoft Office 2016 for Mac",
      "Microsoft Excel Viewer 2007 SP3",
      "Microsoft PowerPoint Viewer 2007",
      "Microsoft Office 2019"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/105453\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8427",
  "serverity": "\u4e2d",
  "submitTime": "2018-10-10",
  "title": "Microsoft Windows Graphics\u7ec4\u4ef6\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-20734\uff09"
}

CVE-2018-8427 (GCVE-0-2018-8427)

Vulnerability from cvelistv5

Published

2018-10-10 13:00

Modified

2024-08-05 06:54

Severity ?

CWE

Information Disclosure

Summary

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1041823	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/105453	vdb-entry, x_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Microsoft

Microsoft Office

Version: 2016 for Mac
Version: 2019 for 32-bit editions
Version: 2019 for 64-bit editions
Version: Compatibility Pack Service Pack 3

Microsoft	Microsoft Office Word Viewer	Version: Microsoft Office Word Viewer
Microsoft	Windows Server 2008	Version: 32-bit Systems Service Pack 2 Version: 32-bit Systems Service Pack 2 (Server Core installation) Version: Itanium-Based Systems Service Pack 2 Version: x64-based Systems Service Pack 2 Version: x64-based Systems Service Pack 2 (Server Core installation)
Microsoft	Microsoft PowerPoint Viewer	Version: 2007
Microsoft	Office	Version: 365 ProPlus for 32-bit Systems Version: 365 ProPlus for 64-bit Systems
Microsoft	Microsoft Excel Viewer	Version: 2007 Service Pack 3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:36.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041823",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041823"
          },
          {
            "name": "105453",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Office",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016 for Mac"
            },
            {
              "status": "affected",
              "version": "2019 for 32-bit editions"
            },
            {
              "status": "affected",
              "version": "2019 for 64-bit editions"
            },
            {
              "status": "affected",
              "version": "Compatibility Pack Service Pack 3"
            }
          ]
        },
        {
          "product": "Microsoft Office Word Viewer",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Office Word Viewer"
            }
          ]
        },
        {
          "product": "Windows Server 2008",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "32-bit Systems Service Pack 2 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "Itanium-Based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "x64-based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "x64-based Systems Service Pack 2 (Server Core installation)"
            }
          ]
        },
        {
          "product": "Microsoft PowerPoint Viewer",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2007"
            }
          ]
        },
        {
          "product": "Office",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "365 ProPlus for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "365 ProPlus for 64-bit Systems"
            }
          ]
        },
        {
          "product": "Microsoft Excel Viewer",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2007 Service Pack 3"
            }
          ]
        }
      ],
      "datePublic": "2018-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041823",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041823"
        },
        {
          "name": "105453",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016 for Mac"
                          },
                          {
                            "version_value": "2019 for 32-bit editions"
                          },
                          {
                            "version_value": "2019 for 64-bit editions"
                          },
                          {
                            "version_value": "Compatibility Pack Service Pack 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Office Word Viewer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Office Word Viewer"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server 2008",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
                          },
                          {
                            "version_value": "Itanium-Based Systems Service Pack 2"
                          },
                          {
                            "version_value": "x64-based Systems Service Pack 2"
                          },
                          {
                            "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft PowerPoint Viewer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2007"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "365 ProPlus for 32-bit Systems"
                          },
                          {
                            "version_value": "365 ProPlus for 64-bit Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Excel Viewer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2007 Service Pack 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041823",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041823"
            },
            {
              "name": "105453",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105453"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8427",
    "datePublished": "2018-10-10T13:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:36.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted