#VU14818 Out-of-bounds write in Windows and Windows Server - CVE-2018-8423
Published: September 21, 2018 / Updated: October 14, 2018
Vulnerability identifier: #VU14818
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2018-8423
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Windows
Windows Server
Software vendor:
Microsoft
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error within the Microsoft Jet database engine when processing indexes in database files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Remediation
Microsoft issued a security patch to address this vulnerability on October 9. However, the patch was insufficient and did not cover all available attack vectors. The vulnerability remains unpatched.