Main
Vulnerability Database
Exploits
ID:4841 - Exploit for Memory corruption in Microsoft products - CVE-2018-8174
ID:4841 - Exploit for Memory corruption in Microsoft products - CVE-2018-8174
Published: November 17, 2020
Vulnerability identifier: #VU12077
Vulnerability risk: Critical
CVE-ID: CVE-2018-8174
CWE-ID: CWE-119
Exploitation vector: Remote access
Vulnerable software:
Windows
Windows Live Messenger
Windows Server
Windows
Windows Live Messenger
Windows Server
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the VBScript engine. A remote attacker can trick the victim into visiting a specially crafted website or open a malicious Office file and execute arbitrary code on the target system.
Note: the vulnerability is being actively exploited in the wild against victims in Asia region. The vulnerability is dubbed "double play".
The vulnerability exists due to a boundary error within the VBScript engine. A remote attacker can trick the victim into visiting a specially crafted website or open a malicious Office file and execute arbitrary code on the target system.
Note: the vulnerability is being actively exploited in the wild against victims in Asia region. The vulnerability is dubbed "double play".
Remediation
Install updates from vendor's website.