CVE-2018-8378
First published: Wed Aug 15 2018(Updated: )
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Excel Viewer | =2007-sp3 | |
| Microsoft Office | =2010-sp2 | |
| Microsoft Office | =2013-sp1 | |
| Microsoft Office | =2013-sp1 | |
| Microsoft Office | =2016 | |
| Microsoft Office | =2016 | |
| Microsoft Office Compatibility Pack | =sp3 | |
| Microsoft Office Web Apps | =2010-sp2 | |
| Microsoft Office Web Apps | =2013-sp1 | |
| Microsoft Office Word Viewer | ||
| Microsoft SharePoint Enterprise Server 2013 | =sp1 | |
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Server | =2013-sp1 | |
| Microsoft Word Automation Services | ||
| Microsoft SharePoint Server | =2010-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-8378?
CVE-2018-8378 is an information disclosure vulnerability in Microsoft Office software that allows an attacker to read out-of-bound memory and disclose its contents.
Which software is affected by CVE-2018-8378?
The software affected by CVE-2018-8378 includes Microsoft Excel Viewer 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Office Compatibility Pack SP3, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, and Microsoft SharePoint Server 2013 SP1.
How severe is CVE-2018-8378?
CVE-2018-8378 has a severity rating of 5.5 (medium).
What is the Common Weakness Enumeration (CWE) code for CVE-2018-8378?
The CWE codes for CVE-2018-8378 are CWE-125 (Out-of-bounds Read) and CWE-908 (Use of Uninitialized Variable).
Where can I find more information about CVE-2018-8378?
You can find more information about CVE-2018-8378 on the SecurityFocus website and the Microsoft Security Guidance Advisory.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft excel viewer
- version/microsoft excel viewer/2007-sp3
- canonical/microsoft office
- version/microsoft office/2010-sp2
- version/microsoft office/2013-sp1
- version/microsoft office/2016
- canonical/microsoft office compatibility pack
- version/microsoft office compatibility pack/sp3
- canonical/microsoft office web apps
- version/microsoft office web apps/2010-sp2
- version/microsoft office web apps/2013-sp1
- canonical/microsoft office word viewer
- canonical/microsoft sharepoint enterprise server 2013
- version/microsoft sharepoint enterprise server 2013/sp1
- canonical/microsoft sharepoint enterprise server 2016
- canonical/microsoft sharepoint server
- version/microsoft sharepoint server/2013-sp1
- canonical/microsoft word automation services
- version/microsoft sharepoint server/2010-sp2