ID CVE-2018-8309
Summary A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:itanium:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:itanium:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 05-09-2018 - 14:09)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 104648
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309
sectrack 1041262
Last major update 05-09-2018 - 14:09
Published 11-07-2018 - 00:29
Last modified 24-08-2020 - 17:37
Back to Top