{"api_version":"1","generated_at":"2026-05-17T02:29:06+00:00","cve":"CVE-2018-8412","urls":{"html":"https://cve.report/CVE-2018-8412","api":"https://cve.report/api/cve/CVE-2018-8412.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8412","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8412"},"summary":{"title":"CVE-2018-8412","description":"An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \"Microsoft (MAU) Office Elevation of Privilege Vulnerability.\" This affects Microsoft Office.","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2018-08-15 17:29:00","updated_at":"2018-10-23 17:55:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1041484","name":"1041484","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft AutoUpdate for Mac Lets Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8412","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8412","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105014","name":"105014","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Office CVE-2018-8412 Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8412","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8412","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8412","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_for_mac","cpe6":"2016","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8412","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_for_mac","cpe6":"2016","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2018-8412","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Microsoft Office","version":{"version_data":[{"version_value":"2016 for Mac"}]}}]},"vendor_name":"Microsoft"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \"Microsoft (MAU) Office Elevation of Privilege Vulnerability.\" This affects Microsoft Office."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of Privilege"}]}]},"references":{"reference_data":[{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8412","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8412"},{"name":"1041484","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041484"},{"name":"105014","refsource":"BID","url":"http://www.securityfocus.com/bid/105014"}]}},"nvd":{"publishedDate":"2018-08-15 17:29:00","lastModifiedDate":"2018-10-23 17:55:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office_for_mac:2016:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8412","Ordinal":"124767","Title":"CVE-2018-8412","CVE":"CVE-2018-8412","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8412","Ordinal":"1","NoteData":"An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka \"Microsoft (MAU) Office Elevation of Privilege Vulnerability.\" This affects Microsoft Office.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8412","Ordinal":"2","NoteData":"2018-08-15","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8412","Ordinal":"3","NoteData":"2018-08-16","Type":"Other","Title":"Modified"}]}}}