CVE-2018-8636

Name of the Vulnerable Software and Affected Versions Microsoft Excel (affected versions not specified) Office 365 ProPlus (affected versions not specified) Microsoft Office (affected versions not specified)

Description A remote code execution issue exists in Microsoft Excel due to improper handling of objects in memory. This allows a remote attacker to execute arbitrary code in the context of the current user by using a specially crafted file. If the user has administrative rights, the attacker could gain control of the system, install programs, view or modify data, or create new accounts with full rights. The impact is reduced for users with limited rights.

Recommendations For Microsoft Excel, consider avoiding the use of specially crafted files until a fix is available. For Office 365 ProPlus, restrict access to potentially vulnerable components until an update is applied. For Microsoft Office, as a temporary workaround, consider disabling the ability to open specially crafted files in Microsoft Excel until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.