Main
Vulnerability Database
Exploits
ID:8207 - Exploit for Memory corruption in Microsoft products - CVE-2018-8174
ID:8207 - Exploit for Memory corruption in Microsoft products - CVE-2018-8174
Published: August 2, 2022
Vulnerability identifier: #VU12077
Vulnerability risk: Critical
CVE-ID: CVE-2018-8174
CWE-ID: CWE-119
Exploitation vector: Remote access
Vulnerable software:
Windows
Windows Live Messenger
Windows Server
Windows
Windows Live Messenger
Windows Server
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the VBScript engine. A remote attacker can trick the victim into visiting a specially crafted website or open a malicious Office file and execute arbitrary code on the target system.
Note: the vulnerability is being actively exploited in the wild against victims in Asia region. The vulnerability is dubbed "double play".
The vulnerability exists due to a boundary error within the VBScript engine. A remote attacker can trick the victim into visiting a specially crafted website or open a malicious Office file and execute arbitrary code on the target system.
Note: the vulnerability is being actively exploited in the wild against victims in Asia region. The vulnerability is dubbed "double play".
Remediation
Install updates from vendor's website.