CVE-2018-8378

Name of the Vulnerable Software and Affected Versions Microsoft Office (affected versions not specified) Microsoft SharePoint Server (affected versions not specified) Microsoft Office Word Viewer (affected versions not specified) Microsoft Excel Viewer (affected versions not specified) Microsoft SharePoint (affected versions not specified)

Description An information disclosure issue exists due to Microsoft Office software reading out of bound memory because of an uninitialized variable. This could potentially disclose the contents of memory. The exploitation of this issue requires a user to open a specially crafted file with an affected version of Microsoft Office software, allowing an attacker to view out of bound memory.

Recommendations For Microsoft Office, update to a version that includes a fix for the uninitialized variable issue. For Microsoft SharePoint Server, restrict access to specially crafted files until a patch is available. For Microsoft Office Word Viewer, avoid opening untrusted files until the issue is resolved. For Microsoft Excel Viewer, consider disabling the viewing of specially crafted files as a temporary workaround. For Microsoft SharePoint, implement security measures to prevent users from opening specially crafted files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.