What is CVE-2018-8302?

CVE-2018-8302 is a vulnerability in Microsoft Exchange Server. Published 2018-08-15.

Is CVE-2018-8302 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Exchange Server

CVE-2018-8302

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

EPSS: 0.384 (97.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Exchange Server — versions 2010 Service Pack 3 Update Rollup 23, 2013 Cumulative Update 20, 2013 Cumulative Update 21

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8302 (x_refsource_CONFIRM)
104973 (vdb-entry, x_refsource_BID)
1041468 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2018-8302?: CVE-2018-8302 is a vulnerability in Microsoft Exchange Server. Published 2018-08-15.
Is CVE-2018-8302 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.