CVE-2018-8628

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.

Published: Dec 12, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-8628
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / powerpoint	2013-sp1	2013-sp1.x
microsoft / powerpoint_viewer	-	-
microsoft / powerpoint	2010-sp2	2010-sp2.x
microsoft / powerpoint	2016	2016.x
microsoft / office_web_apps	2013-sp1	2013-sp1.x
microsoft / office_web_apps	2010-sp2	2010-sp2.x
microsoft / office_compatibility_pack	--sp3	--sp3.x
microsoft / sharepoint_server	2013-sp1	2013-sp1.x
microsoft / sharepoint_enterprise_server	2016	2016.x
microsoft / office_online_server	-	-
microsoft / office	2016	2016.x
microsoft / office	2019	2019.x
microsoft / sharepoint_server	2019	2019.x

Vulnerability Database

289,599

CVE-2018-8628