7.6

CVE-2018-8174

Warnung
Exploit
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 1607 Version-
MicrosoftWindows 10 1703 Version-
MicrosoftWindows 10 1709 Version-
MicrosoftWindows 10 1803 Version-
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64

15.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability

Schwachstelle

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 87.81% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/103998
Third Party Advisory
VDB Entry
https://blog.0patch.com/2018/05/a-single-instruction-micropatch-for.html
Third Party Advisory
Exploit
Technical Description
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/44741/
Third Party Advisory
Exploit
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8174
US Government Resource