CVE-2018-8310

Description

A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.

Affected products

• Microsoft / Microsoft Office2010 Service Pack 2 (32-bit editions) – 2010 Service Pack 2 (32-bit editions)
• Microsoft / Microsoft Office2010 Service Pack 2 (64-bit editions) – 2010 Service Pack 2 (64-bit editions)
• Microsoft / Microsoft Office2016 Click-to-Run (C2R) for 32-bit editions – 2016 Click-to-Run (C2R) for 32-bit editions
• Microsoft / Microsoft Office2016 Click-to-Run (C2R) for 64-bit editions – 2016 Click-to-Run (C2R) for 64-bit editions
• Microsoft / Microsoft Word2013 Service Pack 1 (64-bit editions) – 2013 Service Pack 1 (64-bit editions)
• Microsoft / Microsoft Word2010 Service Pack 2 (32-bit editions) – 2010 Service Pack 2 (32-bit editions)
• Microsoft / Microsoft Word2016 (64-bit edition) – 2016 (64-bit edition)
• Microsoft / Microsoft Word2016 (32-bit edition) – 2016 (32-bit edition)
• Microsoft / Microsoft Word2010 Service Pack 2 (64-bit editions) – 2010 Service Pack 2 (64-bit editions)
• Microsoft / Microsoft Word2013 RT Service Pack 1 – 2013 RT Service Pack 1
• Microsoft / Microsoft Word2013 Service Pack 1 (32-bit editions) – 2013 Service Pack 1 (32-bit editions)

References

• VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8310
• MISChttp://www.securityfocus.com/bid/104615
• MISChttp://www.securitytracker.com/id/1041274