CVE-2018-8597

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions prior to the fixed version Office 365 ProPlus versions prior to the fixed version Microsoft Office versions prior to the fixed version

Description A remote code execution issue exists in Microsoft Excel due to improper handling of objects in memory. This could allow an attacker to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open a specially crafted file with an affected version of Microsoft Excel.

Recommendations For Microsoft Excel, update to a version that includes the fix for this issue. For Office 365 ProPlus, update to a version that includes the fix for this issue. For Microsoft Office, update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of specially crafted files with affected versions of Microsoft Excel until a patch is available.