CVE-2018-8627
MEDIUM | EXPLOITED IN THE WILD
Microsoft Excel - Information Disclosure via Uninitialized Variable
Title source: llm
Exploitation Summary
CVE-2018-8627 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.
References (2)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8627
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106120
Scores
CVSS v3: 5.5
EPSS: 0.0866
EPSS Percentile: 94.4%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
VulnCheck KEV: 2021-01-21
InTheWild.io: 2019-01-02
CWE: CWE-908
Status: published
Products (10)
microsoft/excel 2010 sp2
microsoft/excel 2013 sp1 (2 CPE variants)
microsoft/excel 2016
microsoft/excel_viewer 2007 sp3
microsoft/office 2010 sp2
microsoft/office 2016
microsoft/office 2019 (2 CPE variants)
microsoft/office_365_proplus
microsoft/office_compatibility_pack
microsoft/sharepoint_server 2010 sp2
Published: Dec 12, 2018
Tracked Since: Feb 18, 2026