CVE-2018-8281

Name of the Vulnerable Software and Affected Versions Microsoft Office (affected versions not specified) Microsoft Excel Viewer (affected versions not specified) Microsoft PowerPoint Viewer (affected versions not specified) Microsoft Office Word Viewer (affected versions not specified)

Description A remote code execution issue exists in Microsoft Office software due to improper handling of objects in memory. An attacker who successfully exploits this issue could run arbitrary code in the context of the current user. If the current user has administrative user rights, an attacker could take control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Office, update to a version that properly handles objects in memory to prevent remote code execution. For Microsoft Excel Viewer, consider disabling any features that handle objects in memory until a patch is available. For Microsoft PowerPoint Viewer, restrict access to any modules that may be used to exploit the remote code execution issue. For Microsoft Office Word Viewer, avoid using any functions that may be vulnerable to remote code execution until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.