Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), no loss to integrity (I:N) and lead to some loss of availability (A:L). What is the impact of this vulnerability? Successful exploitation of this vulnerability could allow an attacker to access limited sensitive information from system memory and may cause intermittent interruptions or reduced performance in the affected application. However, it would not allow the attacker to modify data. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
Haein Lee