|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-06-20 | |
| Rule Name: | Windows VBScript Engine Use After Free Vulnerability (CVE-2018-8174) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |
| Impact: | A use-after-free vulnerability can be exploited by an attacker in the vulnerable product. Successful exploit may cause some adverse consequences, such as crash of the product, execution of arbitrary code. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:103998 ExploitDB:44741 https://blog.0patch.com/2018/05/a-single-instruction-micropatch-for.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174 |