CVE-2018-8161
First published: Wed May 09 2018(Updated: )
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office | =2010-sp2 | |
| Microsoft Office | =2013-sp1 | |
| Microsoft Office | =2016 | |
| Microsoft Office | =2016 | |
| Microsoft Office Web Apps | =2010-sp2 | |
| Microsoft Office Web Apps | =2013-sp1 | |
| Microsoft SharePoint Server | =2010-sp2 | |
| Microsoft SharePoint Server | =2013-sp1 | |
| Microsoft SharePoint Server | =2016 | |
| Microsoft Word for Android | =2010-sp2 | |
| Microsoft Word for Android | =2013-sp1 | |
| Microsoft Word for Android | =2013-sp1 | |
| Microsoft Word for Android | =2016 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-8161?
CVE-2018-8161 is a remote code execution vulnerability in Microsoft Office software.
Which software is affected by CVE-2018-8161?
Microsoft Word, Microsoft Office, Microsoft SharePoint, and Microsoft Office Web Apps are affected by CVE-2018-8161.
What is the severity of CVE-2018-8161?
The severity of CVE-2018-8161 is critical with a CVSS score of 7.8.
Where can I find more information about CVE-2018-8161?
You can find more information about CVE-2018-8161 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/104052), [SecurityTracker](http://www.securitytracker.com/id/1040853), [Microsoft Security Guidance Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8161).
How can I fix CVE-2018-8161?
To fix CVE-2018-8161, you should apply the latest security updates provided by Microsoft.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft office
- version/microsoft office/2010-sp2
- version/microsoft office/2013-sp1
- version/microsoft office/2016
- canonical/microsoft office web apps
- version/microsoft office web apps/2010-sp2
- version/microsoft office web apps/2013-sp1
- canonical/microsoft sharepoint server
- version/microsoft sharepoint server/2010-sp2
- version/microsoft sharepoint server/2013-sp1
- version/microsoft sharepoint server/2016
- canonical/microsoft word for android
- version/microsoft word for android/2010-sp2
- version/microsoft word for android/2013-sp1
- version/microsoft word for android/2016