Show vulnerabilities with patch / with exploit

Remote code execution in Microsoft VBScript engine



Published: 2018-04-21 | Updated: 2018-05-08
Severity Critical
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-8174
CWE ID CWE-119
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software
Subscribe
Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Windows Live Messenger
Client/Desktop applications / Messaging software

Vendor Microsoft

Security Advisory

The vulnerability description was updated on May 8, 2018 according to Microsoft advisory.

1) Memory corruption

Severity: Critical

CVSSv3: 9.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-8174

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the VBScript engine. A remote attacker can trick the victim into visiting a specially crafted website or open a malicious Office file and execute arbitrary code on the target system.

Note: the vulnerability is being actively exploited in the wild against victims in Asia region. The vulnerability is dubbed "double play".

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 7, 10, RT 8.1

Windows Live Messenger: 8.1

Windows Server: 2008, 2008 R2, 2012, 2012 R2, 2016

CPE External links

https://twitter.com/360CoreSec/status/987229032994361345
https://www.eshlomo.us/apt-group-exploited-unpatched-0-day-in-ie/
https://www.bleepingcomputer.com/news/security/internet-explorer-zero-day-exploited-in-the-wild-by-a...
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.