CVE-2018-1028
HIGHMicrosoft Office Graphics Component - Remote Code Execution via Embedded Font Handling
Title source: llmDescription
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1028
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040654
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103641
Scores
CVSS v3
8.8
EPSS
0.1911
EPSS Percentile
97.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (10)
microsoft/excel_services
microsoft/office
2013 sp1
microsoft/office
2013_rt sp1
microsoft/office
2016
microsoft/office_2010
microsoft/office_web_apps
2010 sp2
microsoft/office_web_apps
2013 sp1
microsoft/sharepoint_enterprise_server
2013 sp1
microsoft/sharepoint_enterprise_server
2016
microsoft/word_automation_services
Published
Apr 12, 2018
Tracked Since
Feb 18, 2026