CVE-2018-8432

Name of the Vulnerable Software and Affected Versions Microsoft Graphics Components versions prior to the fixed version Windows 7 Windows Server 2019 Windows Server 2008 R2 Windows Server 2008 Microsoft Office Microsoft Office Word Viewer Office 365 ProPlus Microsoft Excel Viewer Microsoft PowerPoint Viewer

Description A remote code execution issue exists in the way Microsoft Graphics Components handle objects in memory. This allows an attacker to execute arbitrary code on a target system by opening a specially crafted file. The vulnerability is caused by a buffer overflow in memory.

Recommendations For Windows 7, apply the patch from the latest patchday to resolve the issue. For Windows Server 2019, Windows Server 2008 R2, and Windows Server 2008, apply the patch from the latest patchday to resolve the issue. For Microsoft Office, update to a version that includes the fix for this issue. For Microsoft Office Word Viewer, Microsoft Excel Viewer, and Microsoft PowerPoint Viewer, avoid opening specially crafted files until a patch is available. For Office 365 ProPlus, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to specially crafted files to minimize the risk of exploitation.