Security restrictions bypass in Microsoft JScript

Published: 2018-11-13 23:50:59
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-8417
CVSSv3 3.8 [CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 10
Windows 10 1607
Windows 10 1703

Show more

Windows Server 2016
Windows Server 2019
Windows Server 1709
Windows Server 1803
Vendor URL Microsoft

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a physical attacker to bypass security restrictions on the target system.

The weakness exists due to an error when Microsoft JScript manages COM object creation. A physical attacker can run a specially crafted application to bypass security restrictions and create arbitrary COM objects.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8417

Back to List