Microsoft Office CVE-2018-8378 Information Disclosure Vulnerability

Bugtraq ID:	104996
Class:	Design Error
CVE:	CVE-2018-8378
Remote:	Yes
Local:	No
Published:	Aug 14 2018 12:00AM
Updated:	Aug 14 2018 12:00AM
Credit:	Jaanus K�?¤�?¤p of Clarified Security
Vulnerable:	Microsoft Word Automation Services 0 Microsoft SharePoint Server 2013 SP1 Microsoft SharePoint Enterprise Server 2016 0 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft Office Word Viewer 0 Microsoft Office Web Apps 2013 SP1 Microsoft Office Web Apps 2010 SP2 Microsoft Office 2016 Click-to-Run (C2R) for 64-bit edition 0 - Microsoft Windows NT 4.0 Microsoft Office 2016 Click-to-Run (C2R) for 32-bit edition 0 - Microsoft Windows NT 4.0 Microsoft Office 2016 (64-bit edition) 0 Microsoft Office 2016 (32-bit edition) 0 Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 RT Service Pack 1 0 Microsoft Office 2010 Service Pack 2 (64-bit editions) 0 Microsoft Office 2010 Service Pack 2 (32-bit editions) 0 Microsoft Excel Viewer 2007 Service Pack 3 0
Not Vulnerable:

Microsoft Office CVE-2018-8378 Information Disclosure Vulnerability

Microsoft Office is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.

Microsoft Office CVE-2018-8378 Information Disclosure Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Microsoft Office CVE-2018-8378 Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Microsoft Office CVE-2018-8378 Information Disclosure Vulnerability

References:

• Microsoft Homepage (Microsoft)
  
• Microsoft Office Homepage (Microsoft)
  
• CVE-2018-8378 | Microsoft Office Information Disclosure Vulnerability (Microsoft)