CVE-2018-8265
HIGHMicrosoft Exchange Server - Remote Code Execution via Crafted Email Message Parsing
Title source: llmDescription
A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105491
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8265
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041836
Scores
CVSS v3
7.8
EPSS
0.1963
EPSS Percentile
97.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
microsoft/exchange_server
2013 cumulative_update_21
microsoft/exchange_server
2016 cumulative_update_10
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026