{"api_version":"1","generated_at":"2026-05-06T14:42:32+00:00","cve":"CVE-2018-8245","urls":{"html":"https://cve.report/CVE-2018-8245","api":"https://cve.report/api/cve/CVE-2018-8245.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8245","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8245"},"summary":{"title":"CVE-2018-8245","description":"A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka \"Microsoft Publisher Remote Code Execution Vulnerability.\" This affects Microsoft Publisher.","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2018-06-14 12:29:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1041105","name":"1041105","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Publisher Local Machine Access Control Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8245","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8245","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104405","name":"104405","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8245","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8245","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8245","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"publisher","cpe6":"2010","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8245","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"publisher","cpe6":"2010","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2018-8245","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Microsoft Publisher","version":{"version_data":[{"version_value":"2010 Service Pack 2 (32-bit editions)"},{"version_value":"2010 Service Pack 2 (64-bit editions)"}]}}]},"vendor_name":"Microsoft"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka \"Microsoft Publisher Remote Code Execution Vulnerability.\" This affects Microsoft Publisher."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Remote Code Execution"}]}]},"references":{"reference_data":[{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8245","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8245"},{"name":"104405","refsource":"BID","url":"http://www.securityfocus.com/bid/104405"},{"name":"1041105","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041105"}]}},"nvd":{"publishedDate":"2018-06-14 12:29:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:publisher:2010:sp2:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8245","Ordinal":"124600","Title":"CVE-2018-8245","CVE":"CVE-2018-8245","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8245","Ordinal":"1","NoteData":"A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka \"Microsoft Publisher Remote Code Execution Vulnerability.\" This affects Microsoft Publisher.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8245","Ordinal":"2","NoteData":"2018-06-14","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8245","Ordinal":"3","NoteData":"2018-06-20","Type":"Other","Title":"Modified"}]}}}