[Overview]
Microsoft Office is an office software suite based on the Windows operating system, including Word, Excel, etc. Microsoft Graph is a component for document insertion and charts and graphs editing. Recently, Microsoft fixed a remote code execution vulnerability in Office.
[Vulnerability Details]
CVE-2018-8157: This vulnerability is due to incorrect verification of PaletteRecord when processing Office BIFF3 version (Binary Swap File Format) Chart Sheet Substream. Hackers can send specially designed files to users through e-mail attacks. If a user opens a file with a vulnerable version of Office, the hackers will execute arbitrary code in the current user context.
Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8157
[Severity]
Critical
[Affected Version]
- Microsoft Office 2010 Service Pack 2
- Microsoft Office 2013 RT Service Pack 1
- Microsoft Office 2013 Service Pack 1
- Microsoft Office 2016
- Microsoft Office 2016 Click-to-Run (C2R)
[Suggestions]
Update the bug fix release provided by Microsoft to eliminate the damage caused by the vulnerability.
Avoid clicking on attachments or links from untrusted sources in suspicious emails.
Official statement: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8157
[Hillstone Networks Solution]
Hillstone Networks has added signatures to the IPS signature database version 2.1.242. By deploying any Hillstone Networks solution with the IPS function, the Microsoft Office Graph Chart Out-Of-Bounds Write vulnerability can be quickly detected and effectively intercepted, preventing the server from being attacked.
Threat Events Detected by Hillstone Solutions
Vulnerability Detail Description
