ID CVE-2018-8245
Summary A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
msbulletin via4
bulletin_SOURCE_FILE https://portal.msrc.microsoft.com/api/security-guidance/en-us/
cves_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8245
impact Remote Code Execution
knowledgebase_SOURCE_FILE
knowledgebase_id
name Microsoft Publisher 2010 Service Pack 2 (32-bit editions)
publishedDate 2018-06-12T07:00:00
severity Important
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS18_JUN_PUBLISHER.NASL
description The Microsoft Publisher Products are missing a security update. It is, therefore, affected by the following vulnerability : - An elevation of privilege vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone. (CVE-2018-8245)
last seen 2018-06-15
modified 2018-06-14
plugin id 110500
published 2018-06-12
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=110500
title Security Updates for Microsoft Publisher Products (June 2018)
refmap via4
bid 104405
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8245
sectrack 1041105
Last major update 14-06-2018 - 08:29
Published 14-06-2018 - 08:29
Last modified 20-06-2018 - 21:29
Back to Top