First published: Thu Apr 12 2018(Updated: )
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Excel Services | ||
Microsoft Office | =2013-sp1 | |
Microsoft Office | =2013_rt-sp1 | |
Microsoft Office | =2016 | |
Microsoft Office 2010 | =sp2 | |
Microsoft Office Web Apps | =2010-sp2 | |
Microsoft Office Web Apps | =2013-sp1 | |
Microsoft SharePoint Enterprise Server | =2013-sp1 | |
Microsoft SharePoint Enterprise Server | =2016 | |
Microsoft Word Automation Services |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-1028 is a remote code execution vulnerability that exists in the Office graphics component.
CVE-2018-1028 affects Microsoft Office, including Word, Excel, and SharePoint.
CVE-2018-1028 has a severity value of 8.8, which is considered critical.
To fix CVE-2018-1028, apply the latest security updates and patches provided by Microsoft.
You can find more information about CVE-2018-1028 on the Microsoft Security Guidance Advisory page and the SecurityFocus and SecurityTracker websites.