Sid 1-46183


FILE-OFFICE Microsoft Office Excel graphics remote code execution attempt


This event is generated when graphics-related remote code execution is attempted in MS Excel.


Misc activity


CVSS base score 8.8

CVSS impact score 5.9

CVSS exploitability score 2.8

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2018-1028: A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

Affected systems

  • microsoft excel_services -
  • microsoft office 2013
  • microsoft office 2013_rt
  • microsoft office 2016
  • microsoft office_2010 *
  • microsoft officewebapps 2010
  • microsoft officewebapps 2013
  • microsoft sharepointenterpriseserver 2013
  • microsoft sharepointenterpriseserver 2016
  • microsoft wordautomationservices -

Ease of attack


Access Vector

Access Complexity


False positives

False negatives

Corrective action


  • Cisco's Talos Intelligence Group

Additional References