Important 2018-04 archive

Executive Summary

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability and then convince a user to view the website. An attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by getting the user to click a link in an email or instant message that takes the user to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince a user to open the document file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
More Likely
MS Exploit Likelihood
Category Remote Code Execution
Released Apr 10 2018
Last Updated Apr 10 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

14 affected products
Product KB Article Severity Impact Restart Required
Excel Services on Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4018343 (Security Update) Important Remote Code Execution Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4018311 (Security Update) Important Remote Code Execution Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4018311 (Security Update) Important Remote Code Execution Maybe
Microsoft Office 2013 RT Service Pack 1 4018330 (Security Update) Important Remote Code Execution Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4018330 (Security Update) Important Remote Code Execution Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4018330 (Security Update) Important Remote Code Execution Maybe
Microsoft Office 2016 (32-bit edition) 4018328 (Security Update) Important Remote Code Execution Maybe
Microsoft Office 2016 (64-bit edition) 4018328 (Security Update) Important Remote Code Execution Maybe
Microsoft Office Web Apps 2010 Service Pack 2 4018360 (Security Update) Important Remote Code Execution Maybe
Microsoft Office Web Apps Server 2013 Service Pack 1 4018344 (Security Update) Important Remote Code Execution Maybe
Microsoft SharePoint Enterprise Server 2016 4018336 (Security Update) Important Remote Code Execution Maybe
Microsoft SharePoint Server 2013 Service Pack 1 4011586 (Security Update) Important Remote Code Execution Maybe
Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2 4018356 (Security Update) Important Remote Code Execution Maybe
Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1 4018341 (Security Update) Important Remote Code Execution Maybe

Patches

10 patches
Article Type Restart
4018343 Security Update Maybe
4018311 Security Update Maybe
4018330 Security Update Maybe
4018328 Security Update Maybe
4018360 Security Update Maybe
4018344 Security Update Maybe
4018336 Security Update Maybe
4011586 Security Update Maybe
4018356 Security Update Maybe
4018341 Security Update Maybe

Known Exploits

Acknowledgments

Jaanus Kääp of Clarified Security