CVE-2018-8176
HIGHMicrosoft Office for Mac - Remote Code Execution via XML Content Validation Bypass
Title source: llmDescription
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040937
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8176
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104184
Scores
CVSS v3
8.8
EPSS
0.2208
EPSS Percentile
97.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
microsoft/office_for_mac
2016
Published
May 23, 2018
Tracked Since
Feb 18, 2026