Attacker Value
Moderate
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2018-8174

Disclosure Date: May 09, 2018
Exploited in the Wild
Reported by AttackerKB Worker and 2 more...
View Source Details
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka “Windows VBScript Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Add Assessment

1
Ratings
Technical Analysis

This vulnerability is a Use-After-Free in the Microsoft VBScript engine. Originally exploited in the wild, attackers used a technique to force the exploit code to be opened with Internet Explorer by embedding a resource into a Rich Text File (RTF). This technique would allow attackers to more reliably exploit targets, even when a non-IE browser was configured as the default.

The Use After Free is related to arbitrary VB object. When two arrays reference the same object, and one array is deleted, the second array is left with a dangling reference.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • microsoft

Products

  • windows 10 -,
  • windows 10 1607,
  • windows 10 1703,
  • windows 10 1709,
  • windows 10 1803,
  • windows 7 -,
  • windows 8.1 -,
  • windows rt 8.1 -,
  • windows server 2008 -,
  • windows server 2008 r2,
  • windows server 2012 -,
  • windows server 2012 r2,
  • windows server 2016 -,
  • windows server 2016 1709,
  • windows server 2016 1803

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis