CVE-2018-8265

HIGH

Microsoft Exchange Server - Remote Code Execution via Crafted Email Message Parsing

Title source: llm
STIX 2.1

Description

A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105491
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041836

Scores

CVSS v3 7.8
EPSS 0.1963
EPSS Percentile 97.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
microsoft/exchange_server 2013 cumulative_update_21
microsoft/exchange_server 2016 cumulative_update_10
Published Oct 10, 2018
Tracked Since Feb 18, 2026