CVE-2018-1028

Name of the Vulnerable Software and Affected Versions Microsoft Office (affected versions not specified) Microsoft SharePoint (affected versions not specified) Microsoft SharePoint Server (affected versions not specified) Word (affected versions not specified) Excel (affected versions not specified)

Description A remote code execution issue exists due to the improper handling of specially crafted embedded fonts by the Office graphics component. This could allow a remote attacker to execute arbitrary code, potentially taking control of the affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users with limited user rights on the system may be less impacted than those operating with administrative rights.

Recommendations For Microsoft Office, consider disabling the handling of embedded fonts until a patch is available. For Microsoft SharePoint, restrict access to specially crafted files to minimize the risk of exploitation. For Microsoft SharePoint Server, avoid using the Office graphics component with untrusted files until the issue is resolved. For Word, as a temporary workaround, consider disabling the rendering of embedded fonts. For Excel, restrict the opening of files with specially crafted embedded fonts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.