Important 2018-06 archive

Executive Summary

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. To exploit the vulnerability, an attacker could send an email message containing a malicious link to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. The user must click the malicious link for the vulnerability to be exploited. The security update addresses the vulnerability by correcting how Office Web Apps Server 2013 and Office Online Server validate web requests.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Elevation of Privilege
Released Jun 12 2018
Last Updated Jun 12 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

2 affected products
Product KB Article Severity Impact Restart Required
Microsoft Office Online Server 2016 4011026 (Security Update) Important Elevation of Privilege Maybe
Microsoft Office Web Apps Server 2013 Service Pack 1 4022183 (Security Update) Important Elevation of Privilege Maybe

Patches

2 patches
Article Type Restart
4011026 Security Update Maybe
4022183 Security Update Maybe

Known Exploits

Acknowledgments