CVE-2018-8524

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8576, CVE-2018-8582.

Published: Nov 14, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-8524
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / outlook	2016	2016.x
microsoft / outlook	2010-sp2	2010-sp2.x
microsoft / outlook	2013-sp1	2013-sp1.x
microsoft / outlook_rt	2013-sp1	2013-sp1.x
microsoft / office	2019	2019.x

http://www.securityfocus.com/bid/105823
http://www.securitytracker.com/id/1042110
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8524

Vulnerability Database

289,599

CVE-2018-8524