{"api_version":"1","generated_at":"2026-04-23T09:38:22+00:00","cve":"CVE-2018-8427","urls":{"html":"https://cve.report/CVE-2018-8427","api":"https://cve.report/api/cve/CVE-2018-8427.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8427","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8427"},"summary":{"title":"CVE-2018-8427","description":"An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2018-10-10 13:29:00","updated_at":"2018-11-27 16:04:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/105453","name":"105453","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Windows Graphics Component CVE-2018-8427 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1041823","name":"1041823","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft GDI+ Multiple Bugs Lets Local Users Gain Potentially Sensitive Information and Obtain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8427","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8427","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_viewer","cpe6":"2007","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"excel_viewer","cpe6":"2007","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2016","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"mac_os_x","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2019","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2016","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"mac_os_x","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2019","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_365_proplus","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_365_proplus","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_compatibility_pack","cpe6":"-","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_compatibility_pack","cpe6":"-","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_word_viewer","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_word_viewer","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"powerpoint_viewer","cpe6":"2007","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"powerpoint_viewer","cpe6":"2007","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8427","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2018-8427","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Microsoft Office","version":{"version_data":[{"version_value":"2016 for Mac"},{"version_value":"2019 for 32-bit editions"},{"version_value":"2019 for 64-bit editions"},{"version_value":"Compatibility Pack Service Pack 3"}]}},{"product_name":"Microsoft Office Word Viewer","version":{"version_data":[{"version_value":"Microsoft Office Word Viewer"}]}},{"product_name":"Windows Server 2008","version":{"version_data":[{"version_value":"32-bit Systems Service Pack 2"},{"version_value":"32-bit Systems Service Pack 2 (Server Core installation)"},{"version_value":"Itanium-Based Systems Service Pack 2"},{"version_value":"x64-based Systems Service Pack 2"},{"version_value":"x64-based Systems Service Pack 2 (Server Core installation)"}]}},{"product_name":"Microsoft PowerPoint Viewer","version":{"version_data":[{"version_value":"2007"}]}},{"product_name":"Office","version":{"version_data":[{"version_value":"365 ProPlus for 32-bit Systems"},{"version_value":"365 ProPlus for 64-bit Systems"}]}},{"product_name":"Microsoft Excel Viewer","version":{"version_data":[{"version_value":"2007 Service Pack 3"}]}}]},"vendor_name":"Microsoft"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Disclosure"}]}]},"references":{"reference_data":[{"name":"1041823","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041823"},{"name":"105453","refsource":"BID","url":"http://www.securityfocus.com/bid/105453"},{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"}]}},"nvd":{"publishedDate":"2018-10-10 13:29:00","lastModifiedDate":"2018-11-27 16:04:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os_x:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:powerpoint_viewer:2007:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8427","Ordinal":"124782","Title":"CVE-2018-8427","CVE":"CVE-2018-8427","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8427","Ordinal":"1","NoteData":"An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8427","Ordinal":"2","NoteData":"2018-10-10","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8427","Ordinal":"3","NoteData":"2018-10-11","Type":"Other","Title":"Modified"}]}}}