CVE-2018-8575

Description

A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.

Affected products

• Microsoft / Microsoft Project2010 Service Pack 2 (32-bit editions) – 2010 Service Pack 2 (32-bit editions)
• Microsoft / Microsoft Project2010 Service Pack 2 (64-bit editions) – 2010 Service Pack 2 (64-bit editions)
• Microsoft / Microsoft Project2016 (32-bit edition) – 2016 (32-bit edition)
• Microsoft / Microsoft Project2016 (64-bit edition) – 2016 (64-bit edition)
• Microsoft / Microsoft Project Server2013 Service Pack 1 (64-bit edition) – 2013 Service Pack 1 (64-bit edition)
• Microsoft / Microsoft Project Server2013 Service Pack 1 (32-bit edition) – 2013 Service Pack 1 (32-bit edition)
• Microsoft / office365 ProPlus for 32-bit Systems – 365 ProPlus for 32-bit Systems
• Microsoft / office365 ProPlus for 64-bit Systems – 365 ProPlus for 64-bit Systems

References

• VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8575
• MISChttp://www.securityfocus.com/bid/105807
• MISChttp://www.securitytracker.com/id/1042116