7.6

CVE-2018-8619

Exploit

A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version9
   MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftInternet Explorer Version10
   MicrosoftWindows Server 2012 Version-
MicrosoftInternet Explorer Version11 Update-
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 10 Version1803
   MicrosoftWindows 10 Version1809
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version- SwEditionpro_n
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-
   MicrosoftWindows Server 2019 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 58.54% 0.982
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.securityfocus.com/bid/106119
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/46023/
Third Party Advisory
Exploit
VDB Entry