CVE-2018-8628

Name of the Vulnerable Software and Affected Versions Microsoft Office versions prior to the fixed version Microsoft Office 365 ProPlus versions prior to the fixed version Microsoft PowerPoint versions prior to the fixed version Microsoft SharePoint versions prior to the fixed version Microsoft PowerPoint Viewer versions prior to the fixed version Office Online Server versions prior to the fixed version Microsoft SharePoint Server versions prior to the fixed version

Description A remote code execution issue exists in Microsoft PowerPoint software due to its failure to properly handle objects in memory. This could allow an attacker to run arbitrary code in the context of the current user by using a specially crafted file. If the current user has administrative user rights, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Office, update to a version that includes the fix for this issue. For Microsoft Office 365 ProPlus, update to a version that includes the fix for this issue. For Microsoft PowerPoint, update to a version that includes the fix for this issue. For Microsoft SharePoint, update to a version that includes the fix for this issue. For Microsoft PowerPoint Viewer, update to a version that includes the fix for this issue. For Office Online Server, update to a version that includes the fix for this issue. For Microsoft SharePoint Server, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of specially crafted files with affected versions of Microsoft Office PowerPoint software until a patch is available.