- Home
- CVEs with nessus.description==The remote Windows host is missing security updates. It is,
therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the Credential
Security Support Provider protocol (CredSSP). An attacker who
successfully exploits this vulnerability could relay user
credentials and use them to execute code on the target host.
(CVE-2018-0886)
- An elevation of privilege vulnerability exists when the
Windows kernel fails to properly handle objects in
memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change,
or delete data; or create new accounts with full user
rights. (CVE-2018-8897)
- An elevation of privilege vulnerability exists when the
Windows Common Log File System (CLFS) driver improperly
handles objects in memory. An attacker who successfully
exploited this vulnerability could run processes in an
elevated context. (CVE-2018-8167)
- An elevation of privilege vulnerability exists in
Windows when the Win32k component fails to properly
handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in
kernel mode. An attacker could then install programs;
view, change, or delete data; or create new accounts
with full user rights. (CVE-2018-8120, CVE-2018-8124,
CVE-2018-8164, CVE-2018-8166)
- A remote code execution vulnerability exists in
"Microsoft COM for Windows" when it fails to
properly handle serialized objects. An attacker who
successfully exploited the vulnerability could use a
specially crafted file or script to perform actions. In
an email attack scenario, an attacker could exploit the
vulnerability by sending the specially crafted file to
the user and convincing the user to open the file.
(CVE-2018-0824)
- A remote code execution vulnerability exists in the way
that the VBScript engine handles objects in memory. The
vulnerability could corrupt memory in such a way that an
attacker could execute arbitrary code in the context of
the current user. An attacker who successfully exploited
the vulnerability could gain the same user rights as the
current user. (CVE-2018-8174)
- A remote code execution vulnerability exists when
Windows Hyper-V on a host server fails to properly
validate input from an authenticated user on a guest
operating system. (CVE-2018-0959)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top