CVE-2022-26903

HIGH7.8

JSON export Create alert

Description

Windows Graphics Component Remote Code Execution Vulnerability

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Unchanged

Changed

Affected products

Microsoft / Microsoft Excel for Android16.0.0.0 – 16.0.15028.20140
Microsoft / Microsoft Excel Mobile16.0.0.0 – 16.0.14326.20910
Microsoft / Microsoft PowerPoint for Android16.0.0.0 – 16.0.15028.20116
Microsoft / Microsoft PowerPoint Mobile16.0.0.0 – 16.0.14326.20910
Microsoft / Microsoft Word for Android16.0.0.0 – 16.0.15028.20116
Microsoft / Microsoft Word Mobile16.0.0.0 – 16.0.14326.20910
Microsoft / Windows 10 Version 150710.0.10240.0 – 10.0.10240.19265
Microsoft / Windows 10 Version 160710.0.14393.0 – 10.0.14393.5066
Microsoft / Windows 10 Version 180910.0.17763.0 – 10.0.17763.2803
Microsoft / Windows 10 Version 180910.0.0 – 10.0.17763.2803
Microsoft / Windows 10 Version 190910.0.0 – 10.0.18363.2212
Microsoft / Windows 10 Version 20H210.0.0 – 10.0.19042.1645
Microsoft / Windows 10 Version 21H110.0.0 – 10.0.19043.1645
Microsoft / Windows 10 Version 21H210.0.19043.0 – 10.0.19043.1645
Microsoft / Windows 76.1.0 – 6.1.7601.25924
Microsoft / Windows 7 Service Pack 16.1.0 – 6.1.7601.25924
Microsoft / Windows 8.16.3.0 – 6.3.9600.20337
Microsoft / Windows Server 2008 R2 Service Pack 16.1.7601.0 – 6.1.7601.25924
Microsoft / Windows Server 2008 R2 Service Pack 1 (Server Core installation)6.1.7601.0 – 6.1.7601.25924
Microsoft / Windows Server 2008 Service Pack 26.0.6003.0 – 6.0.6003.21446
Microsoft / Windows Server 2008 Service Pack 2 (Server Core installation)6.0.6003.0 – 6.0.6003.21446
Microsoft / Windows Server 20126.2.9200.0 – 6.2.9200.23679
Microsoft / Windows Server 2012 R26.3.9600.0 – 6.3.9600.20337
Microsoft / Windows Server 2012 R2 (Server Core installation)6.3.9600.0 – 6.3.9600.20337
Microsoft / Windows Server 2012 (Server Core installation)6.2.9200.0 – 6.2.9200.23679
Microsoft / Windows Server 201610.0.14393.0 – 10.0.14393.5066
Microsoft / Windows Server 2016 (Server Core installation)10.0.14393.0 – 10.0.14393.5066
Microsoft / Windows Server 201910.0.17763.0 – 10.0.17763.2803
Microsoft / Windows Server 2019 (Server Core installation)10.0.17763.0 – 10.0.17763.2803
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.643
Microsoft / Windows Server version 20H210.0.0 – 10.0.19042.1645

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26903