Description
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104996
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8378
Scores
CVSS v3
5.5
EPSS
0.3280
EPSS Percentile
96.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-125
CWE-908
Status
published
Products (12)
microsoft/excel_viewer
2007 sp3
microsoft/office
2010 sp2
microsoft/office
2013 sp1 (2 CPE variants)
microsoft/office
2016 (2 CPE variants)
microsoft/office_compatibility_pack
microsoft/office_web_apps
2010 sp2
microsoft/office_web_apps
2013 sp1
microsoft/office_word_viewer
microsoft/sharepoint_enterprise_server_2013
microsoft/sharepoint_enterprise_server_2016
... and 2 more
Published
Aug 15, 2018
Tracked Since
Feb 18, 2026