CVE-2018-1028

CVE Database · CVE-2018-1028

CVE-2018-1028

· N/AModified

CVSS v3.1

N/A

EPSS

19.11%

Published

Apr 11, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

Weaknesses (CWE)

CWE-94

Affected Products (10)

microsoft · excel_servicesvulnerable

microsoft · officevulnerable

microsoft · office_2010vulnerable

microsoft · office_web_appsvulnerable

microsoft · sharepoint_enterprise_servervulnerable

microsoft · word_automation_servicesvulnerable

References (6)

http://www.securityfocus.com/bid/103641

Third Party AdvisoryVDB Entry