Remote code execution in Windows DNSAPI

Published: 2018-06-12 21:18:10
Severity: High
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-8225
CVSSv3: 7.8 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Windows, Windows Server
Vulnerable software versions: Windows 8.1, Windows 7, Windows 10, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2016
Vendor URL: Microsoft

Security Advisory

1) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within DNSAPI.dll when handling responses from a DNS server. A remote attacker can host a malicious DNS server, trick the client into sending a request to that DNS server, trigger memory corruption and execute arbitrary code on the vulnerable system in the context of the Local System Account.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8225
