CVE-2018-1028

HIGH

Microsoft Office Graphics Component - Remote Code Execution via Embedded Font Handling

Title source: llm

Description

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040654
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103641

Scores

CVSS v3 8.8
EPSS 0.1911
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (10)
microsoft/excel_services
microsoft/office 2013 sp1
microsoft/office 2013_rt sp1
microsoft/office 2016
microsoft/office_2010
microsoft/office_web_apps 2010 sp2
microsoft/office_web_apps 2013 sp1
microsoft/sharepoint_enterprise_server 2013 sp1
microsoft/sharepoint_enterprise_server 2016
microsoft/word_automation_services
Published Apr 12, 2018
Tracked Since Feb 18, 2026