CVE-2018-8176

HIGH

Microsoft Office for Mac - Remote Code Execution via XML Content Validation Bypass

Title source: llm
STIX 2.1

Description

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040937
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104184

Scores

CVSS v3 8.8
EPSS 0.2208
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
microsoft/office_for_mac 2016
Published May 23, 2018
Tracked Since Feb 18, 2026