PT-2018-18548 · Microsoft · Office Word+2

Jonathan Birch

Published

2018-07-10

Updated

2020-08-24

CVE-2018-8310

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Outlook (affected versions not specified) Microsoft Word (affected versions not specified) Microsoft Office (affected versions not specified)

Description A tampering issue exists due to improper handling of specific attachment types when rendering HTML emails. An attacker could exploit this by sending a specially crafted email and attachment to a victim, or by hosting a malicious .eml file on a web server. Successful exploitation could allow embedding untrusted TrueType fonts in an email, potentially leading to further system compromise when combined with other exploits.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-8310

Affected Products

Office

Outlook

Office Word

PT-2018-18548 · Microsoft · Office Word+2

CVE-2018-8310

Related Identifiers

Affected Products

References · 6