What is CVE-2018-8587?

CVE-2018-8587 is a vulnerability in Microsoft Office. Published 2018-12-12.

Is CVE-2018-8587 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Office

CVE-2018-8587

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office…

EPSS: 0.435 (97.6th percentile) — read the EPSS interpretation.

Affected products

Microsoft Office — versions 2019 for 32-bit editions, 2019 for 64-bit editions
Microsoft Outlook — versions 2010 Service Pack 2 (32-bit editions), 2010 Service Pack 2 (64-bit editions), 2013 RT Service Pack 1
Microsoft Office — versions 365 ProPlus for 32-bit Systems, 365 ProPlus for 64-bit Systems

Public proof-of-concept exploits

References

106097 (vdb-entry, x_refsource_BID)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8587 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-8587?: CVE-2018-8587 is a vulnerability in Microsoft Office. Published 2018-12-12.
Is CVE-2018-8587 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.