CVE-2018-1028

Summary

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWordAutomation Services on Microsoft SharePoint Server 2010 Service Pack 2affected
MicrosoftWordAutomation Services on Microsoft SharePoint Server 2013 Service Pack 1affected
MicrosoftMicrosoft Office2010 Service Pack 2 (32-bit editions)affected
MicrosoftMicrosoft Office2010 Service Pack 2 (64-bit editions)affected
MicrosoftMicrosoft Office2013 RT Service Pack 1affected
MicrosoftMicrosoft Office2013 Service Pack 1 (32-bit editions)affected
MicrosoftMicrosoft Office2013 Service Pack 1 (64-bit editions)affected
MicrosoftMicrosoft Office2016 (32-bit edition)affected
MicrosoftMicrosoft Office2016 (64-bit edition)affected
MicrosoftMicrosoft OfficeWeb Apps 2010 Service Pack 2affected
MicrosoftMicrosoft OfficeWeb Apps Server 2013 Service Pack 1affected
MicrosoftMicrosoft SharePointEnterprise Server 2016affected
MicrosoftExcelServices on Microsoft SharePoint Enterprise Server 2013 Service Pack 1affected
MicrosoftMicrosoft SharePoint Server2013 Service Pack 1affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References