Main Vulnerability Database Vulnerabilities #VU15880

Memory corruption in Windows and Windows Server - CVE-2018-8450

Published: November 14, 2018

Vulnerability identifier: #VU15880

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-8450

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper handling of objects in memory within Windows Search. A remote attacker can send specially crafted messages to the Windows Search service, trigger the vulnerability through an SMB connection and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-8450

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8450

Memory corruption in Windows and Windows Server - CVE-2018-8450

Detailed vulnerability description

How to mitigate CVE-2018-8450

Sources

Please verify you're human