Security restrictions bypass in Microsoft JScript
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-8417 |
| CWE-ID | CWE-264 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security restrictions bypass
EUVDB-ID: #VU15872
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8417
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a physical attacker to bypass security restrictions on the target system.
The weakness exists due to an error when Microsoft JScript manages COM object creation. A physical attacker can run a specially crafted application to bypass security restrictions and create arbitrary COM objects.
Install updates from vendor's website.
Vulnerable software versionsWindows: 10 - 10 1809
Windows Server: 2016 - 2019 1803
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8417
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
