CVE-2018-1028

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:excel_services:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2013_rt:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word_automation_services:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-04-12 01:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-1028

Mitre link : CVE-2018-1028

CVE.ORG link : CVE-2018-1028


JSON object : View

Products Affected

microsoft

  • office_web_apps
  • office
  • sharepoint_enterprise_server
  • office_2010
  • word_automation_services
  • excel_services
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')