This is a remote code-execution vulnerability and can be exploited by sending malicious requests to the vulnerable application. This security bug was discovered by Skape. A patched version of the application is not available yet so you should not use it.

CVE-2018-18558 – Microsoft Office Remote Code Execution Vulnerability.
It has been discovered that Microsoft Office is vulnerable to remote code-execution. This flaw is present in the software and can be exploited by sending crafted email messages to the targeted victim. A patched version of the application is not available yet so you should not use it.

CVE-2018-18559 – Windows Elevation of Privilege Vulnerability.
It has been discovered that Windows is prone to a privilege escalation vulnerability. This flaw is present in the operating system and can be exploited by an attacker with local or remote access to the system. A patched version of the operating system is not available yet so you should not use it.
In the following table you can find a summary of all the Microsoft Office vulnerabilities that were announced during the year 2018.

Microsoft Office Remote Code Execution Vulnerability

Microsoft Office is vulnerable to remote code-execution. This flaw is present in the software and can be exploited by sending crafted email messages to the targeted victim. A patched version of the application is not available yet so you should not use it.

Microsoft Office 2016 Vulnerabilities

Microsoft Office 2016 is vulnerable to a remote code-execution vulnerability. This flaw is present in the software and can be exploited by sending crafted email messages to the targeted victim. A patched version of the application is not available yet so you should not use it.

Microsoft Office 365 and SharePoint Online

Microsoft Office 365 and SharePoint Online are vulnerable to remote code-execution. This flaw is present in the software and can be exploited by sending crafted email messages to the targeted victim. A patched version of the application is not available yet so you should not use it.
It has been discovered that Microsoft Office is vulnerable to remote code-execution. This flaw is present in the software and can be exploited by sending crafted email messages to the targeted victim. A patched version of the application is not available yet so you should not use it.
It has been discovered that Microsoft Office is vulnerable to remote code-execution. This flaw is present in the software and can be exploited by sending crafted email messages to the targeted victim. A patched version of the application is not available yet so you should not use it.
It has been discovered that Microsoft Office is vulnerable to remote code-execution. This flaw is present in the software and can be exploited by sending crafted email messages to the targeted victim. A patched version of the application is not available yet so you should not use it.

Timeline

Published on: 04/15/2022 19:15:00 UTC
Last modified on: 07/06/2022 19:15:00 UTC

References