CVE-2018-8427

Name of the Vulnerable Software and Affected Versions Microsoft Office versions (affected versions not specified) Microsoft Office Word Viewer versions (affected versions not specified) Office 365 ProPlus versions (affected versions not specified) Windows Server 2008 versions (affected versions not specified) Microsoft PowerPoint Viewer versions (affected versions not specified) Microsoft Excel Viewer versions (affected versions not specified) Microsoft Office Compatibility Pack versions (affected versions not specified) Microsoft Windows versions (affected versions not specified)

Description An information disclosure issue exists in the way Microsoft Graphics Components handle objects in memory. This could allow an attacker to obtain sensitive information by exploiting the vulnerability, potentially using it for further exploitation. The vulnerability can be exploited when a user opens a specially crafted file.

Recommendations For Microsoft Office, update to a version that includes the fix for this issue. For Microsoft Office Word Viewer, consider disabling the handling of specially crafted files until a patch is available. For Office 365 ProPlus, restrict access to sensitive information to minimize the risk of exploitation. For Windows Server 2008, avoid using the affected Microsoft Graphics Components until the issue is resolved. For Microsoft PowerPoint Viewer, as a temporary workaround, consider disabling the opening of specially crafted files. For Microsoft Excel Viewer, update to a version that includes the fix for this issue. For Microsoft Office Compatibility Pack, restrict access to sensitive information to minimize the risk of exploitation. For Microsoft Windows, update to a version that includes the fix for this issue.