Overview
- Description
- A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.
- Source
- secure@microsoft.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-787
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E5EA9AD-1E84-4AB5-A1EF-3B9F2AC84755"
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20E4796E-3E9B-473E-A7E3-498540185FBF"
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8076F450-BC75-420B-99F7-05D3CCA50E74"
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C21F84B-E99C-451D-9EAF-6352FD2B0EAF"
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1"
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B"
}
],
"operator": "OR"
}
]
}
]