What is CVE-2018-8430?

CVE-2018-8430 is a vulnerability in Microsoft Office. Published 2018-09-13.

Is CVE-2018-8430 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Office

CVE-2018-8430

A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office.

EPSS: 0.339 (97.1th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions 2016 Click-to-Run (C2R) for 32-bit editions, 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Word — versions 2013 RT Service Pack 1, 2013 Service Pack 1 (32-bit editions), 2013 Service Pack 1 (64-bit editions)

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8430 (x_refsource_CONFIRM)
105212 (vdb-entry, x_refsource_BID)
1041638 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2018-8430?: CVE-2018-8430 is a vulnerability in Microsoft Office. Published 2018-09-13.
Is CVE-2018-8430 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.