CVE-2018-8244 - Vulnerability Details - OpenCVE

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Office Outlook Outlook Rt

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:office:2016::::click-to-run:::
	cpe:2.3:a:microsoft:outlook:2010:sp2::::::
	cpe:2.3:a:microsoft:outlook:2013:sp1::::::
	cpe:2.3:a:microsoft:outlook:2016:::::::*
	cpe:2.3:a:microsoft:outlook_rt:2013:sp1::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/104323
http://www.securitytracker.com/id/1041107
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2018-06-14T12:00:00.000Z

Updated: 2024-08-05T06:46:13.774Z

Reserved: 2018-03-14T00:00:00.000Z

Link: CVE-2018-8244

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-14T12:29:02.303

Modified: 2024-11-21T04:13:29.430

Link: CVE-2018-8244

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Microsoft Office", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2016 Click-to-Run (C2R) for 32-bit editions"}, {"status": "affected", "version": "2016 Click-to-Run (C2R) for 64-bit editions"}]}, {"product": "Microsoft Outlook", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2010 Service Pack 2 (32-bit editions)"}, {"status": "affected", "version": "2010 Service Pack 2 (64-bit editions)"}, {"status": "affected", "version": "2013 RT Service Pack 1"}, {"status": "affected", "version": "2013 Service Pack 1 (32-bit editions)"}, {"status": "affected", "version": "2013 Service Pack 1 (64-bit editions)"}, {"status": "affected", "version": "2016 (32-bit edition)"}, {"status": "affected", "version": "2016 (64-bit edition)"}]}], "datePublic": "2018-06-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka \"Microsoft Outlook Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Outlook."}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-15T09:57:01.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1041107", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041107"}, {"name": "104323", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104323"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Office", "version": {"version_data": [{"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"}, {"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"}]}}, {"product_name": "Microsoft Outlook", "version": {"version_data": [{"version_value": "2010 Service Pack 2 (32-bit editions)"}, {"version_value": "2010 Service Pack 2 (64-bit editions)"}, {"version_value": "2013 RT Service Pack 1"}, {"version_value": "2013 Service Pack 1 (32-bit editions)"}, {"version_value": "2013 Service Pack 1 (64-bit editions)"}, {"version_value": "2016 (32-bit edition)"}, {"version_value": "2016 (64-bit edition)"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka \"Microsoft Outlook Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Outlook."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of Privilege"}]}]}, "references": {"reference_data": [{"name": "1041107", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041107"}, {"name": "104323", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104323"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:46:13.774Z"}, "title": "CVE Program Container", "references": [{"name": "1041107", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041107"}, {"name": "104323", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104323"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8244", "datePublished": "2018-06-14T12:00:00.000Z", "dateReserved": "2018-03-14T00:00:00.000Z", "dateUpdated": "2024-08-05T06:46:13.774Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*", "matchCriteriaId": "E74CB3D6-B0D7-4A6C-ABAA-170C7710D856", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "F9A115C1-45EB-4688-AD7C-C1854850EE9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "D7B6DF1E-0DDA-4809-B216-7CEFE0A53E2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*", "matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook_rt:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "714B6904-1F99-403A-B0FE-763893EB4F08", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka \"Microsoft Outlook Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Outlook."}, {"lang": "es", "value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando Microsoft Outlook no valida correctamente las cabeceras de adjuntos. Esto tambi\u00e9n se conoce como \"Microsoft Outlook Elevation of Privilege Vulnerability\". Esto afecta a Microsoft Office y Microsoft Outlook."}], "id": "CVE-2018-8244", "lastModified": "2024-11-21T04:13:29.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-14T12:29:02.303", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104323"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041107"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}