CVE-2018-8575

Name of the Vulnerable Software and Affected Versions Microsoft Project (affected versions not specified) Office 365 ProPlus (affected versions not specified) Microsoft Project Server (affected versions not specified)

Description A remote code execution issue exists due to improper handling of objects in memory. This can be exploited by an attacker using a specially crafted file, allowing them to perform actions in the security context of the current user. The exploitation requires a user to open the specially crafted file with an affected version of the software.

Recommendations For Microsoft Project, consider avoiding the use of specially crafted files until a fix is available. For Office 365 ProPlus, restrict access to potentially vulnerable components to minimize the risk of exploitation. For Microsoft Project Server, as a temporary workaround, consider disabling the handling of external files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.