CVE-2018-8587

HIGH

Microsoft Outlook - RCE

Title source: llm

Description

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

Exploits (1)

nomisec NO CODE 1 stars

by Sunqiz · poc

https://github.com/Sunqiz/CVE-2018-8587-reproduction

View Code ZIP pw:eip

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106097

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8587

Scores

CVSS v3 7.8

EPSS 0.4676

EPSS Percentile 97.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (5)

microsoft/office 2010 sp2

microsoft/office 2013 sp1 (2 CPE variants)

microsoft/office 2016

microsoft/office 2019

microsoft/office_365_proplus

Published Dec 12, 2018

Tracked Since Feb 18, 2026