Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-484
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges, une exécution de code à distance et un contournement de la fonctionnalité de sécurité.
La vulnérabilité CVE-2018-8453 est publiquement exploitée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2019 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes Itanium Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 1803 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1803 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server, version 1803 (Server Core Installation) | ||
| Microsoft | Windows | Windows 10 Version 1709 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows RT 8.1 | ||
| Microsoft | Windows | Windows Server, version 1709 (Server Core Installation) | ||
| Microsoft | Windows | Windows 7 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1703 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows 8.1 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1703 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes Itanium Service Pack 2 | ||
| Microsoft | Windows | Windows 8.1 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 7 pour systèmes 32 bits Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 1709 pour systèmes x64 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes Itanium Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server, version 1803 (Server Core Installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows RT 8.1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server, version 1709 (Server Core Installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1703 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1703 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes Itanium Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes 32 bits Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-8329",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8329"
},
{
"name": "CVE-2018-8484",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8484"
},
{
"name": "CVE-2018-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8492"
},
{
"name": "CVE-2018-8506",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8506"
},
{
"name": "CVE-2018-8423",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8423"
},
{
"name": "CVE-2018-8453",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8453"
},
{
"name": "CVE-2018-8486",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8486"
},
{
"name": "CVE-2018-8330",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8330"
},
{
"name": "CVE-2018-8432",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8432"
},
{
"name": "CVE-2018-8490",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8490"
},
{
"name": "CVE-2018-8497",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8497"
},
{
"name": "CVE-2018-8333",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8333"
},
{
"name": "CVE-2018-8494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8494"
},
{
"name": "CVE-2018-8411",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8411"
},
{
"name": "CVE-2018-8493",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8493"
},
{
"name": "CVE-2018-8320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8320"
},
{
"name": "CVE-2018-8427",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8427"
},
{
"name": "CVE-2018-8482",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8482"
},
{
"name": "CVE-2018-8413",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8413"
},
{
"name": "CVE-2018-8489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8489"
},
{
"name": "CVE-2018-8472",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8472"
},
{
"name": "CVE-2018-8495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8495"
},
{
"name": "CVE-2018-8481",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8481"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-484",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une\n\u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n\nLa vuln\u00e9rabilit\u00e9 CVE-2018-8453 est publiquement exploit\u00e9e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 octobre 2018",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CVE-2018-8320 (GCVE-0-2018-8320)
Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
VLAI
EPSS
Summary
A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Severity
No CVSS data available.
CWE
- Security Feature Bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105503 | vdb-entryx_refsource_BID |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041830 | vdb-entryx_refsource_SECTRACK |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows Server 2012 R2 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2008 |
Affected:
32-bit Systems Service Pack 2
Affected: 32-bit Systems Service Pack 2 (Server Core installation) Affected: Itanium-Based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 (Server Core installation) |
|
| Microsoft | Windows Server 2012 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2019 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2016 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2008 R2 |
Affected:
Itanium-Based Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 Affected: x64-based Systems Service Pack 1 (Server Core installation) |
|
| Microsoft | Windows 10 |
Affected:
Version 1607 for 32-bit Systems
Affected: Version 1607 for x64-based Systems Affected: Version 1709 for 32-bit Systems Affected: Version 1709 for x64-based Systems Affected: Version 1803 for 32-bit Systems Affected: Version 1803 for x64-based Systems Affected: Version 1809 for 32-bit Systems Affected: Version 1809 for x64-based Systems |
|
| Microsoft | Windows 10 Servers |
Affected:
version 1709 (Server Core Installation)
Affected: version 1803 (Server Core Installation) |
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:35.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105503",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105503"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320"
},
{
"name": "1041830",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041830"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
},
{
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2008 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1809 for x64-based Systems"
}
]
},
{
"product": "Windows 10 Servers",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "version 1803 (Server Core Installation)"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka \"Windows DNS Security Feature Bypass Vulnerability.\" This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "105503",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105503"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320"
},
{
"name": "1041830",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041830"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka \"Windows DNS Security Feature Bypass Vulnerability.\" This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105503"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320"
},
{
"name": "1041830",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041830"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8320",
"datePublished": "2018-10-10T13:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:54:35.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8329 (GCVE-0-2018-8329)
Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
VLAI
EPSS
Summary
An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka "Linux On Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.
Severity
No CVSS data available.
CWE
- Elevation of Privilege
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105505 | vdb-entryx_refsource_BID |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 10 |
Affected:
Version 1803 for 32-bit Systems
Affected: Version 1803 for x64-based Systems |
|
| Microsoft | Windows 10 Servers |
Affected:
version 1803 (Server Core Installation)
|
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:35.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105505",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105505"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1803 for x64-based Systems"
}
]
},
{
"product": "Windows 10 Servers",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1803 (Server Core Installation)"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka \"Linux On Windows Elevation Of Privilege Vulnerability.\" This affects Windows 10, Windows 10 Servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "105505",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105505"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka \"Linux On Windows Elevation Of Privilege Vulnerability.\" This affects Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105505"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8329",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8329",
"datePublished": "2018-10-10T13:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:54:35.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8330 (GCVE-0-2018-8330)
Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
VLAI
EPSS
Summary
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/105477 | vdb-entryx_refsource_BID |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 7 |
Affected:
32-bit Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows RT 8.1 |
Affected:
Windows RT 8.1
|
|
| Microsoft | Windows Server 2008 |
Affected:
32-bit Systems Service Pack 2
Affected: 32-bit Systems Service Pack 2 (Server Core installation) Affected: Itanium-Based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 (Server Core installation) |
|
| Microsoft | Windows Server 2019 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2012 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows 8.1 |
Affected:
32-bit systems
Affected: x64-based systems |
|
| Microsoft | Windows Server 2016 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2008 R2 |
Affected:
Itanium-Based Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 Affected: x64-based Systems Service Pack 1 (Server Core installation) |
|
| Microsoft | Windows 10 |
Affected:
32-bit Systems
Affected: Version 1607 for 32-bit Systems Affected: Version 1607 for x64-based Systems Affected: Version 1703 for 32-bit Systems Affected: Version 1703 for x64-based Systems Affected: Version 1709 for 32-bit Systems Affected: Version 1709 for x64-based Systems Affected: Version 1803 for 32-bit Systems Affected: Version 1803 for x64-based Systems Affected: Version 1809 for 32-bit Systems Affected: Version 1809 for x64-based Systems Affected: x64-based Systems |
|
| Microsoft | Windows 10 Servers |
Affected:
version 1709 (Server Core Installation)
Affected: version 1803 (Server Core Installation) |
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:34.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8330"
},
{
"name": "105477",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
}
]
},
{
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows RT 8.1"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
},
{
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit systems"
},
{
"status": "affected",
"version": "x64-based systems"
}
]
},
{
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2008 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "x64-based Systems"
}
]
},
{
"product": "Windows 10 Servers",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "version 1803 (Server Core Installation)"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8330"
},
{
"name": "105477",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105477"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8330",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8330"
},
{
"name": "105477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105477"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8330",
"datePublished": "2018-10-10T13:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:54:34.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8333 (GCVE-0-2018-8333)
Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
VLAI
EPSS
Summary
An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Severity
No CVSS data available.
CWE
- Elevation of Privilege
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105507 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1041831 | vdb-entryx_refsource_SECTRACK |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 7 |
Affected:
32-bit Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows RT 8.1 |
Affected:
Windows RT 8.1
|
|
| Microsoft | Windows Server 2008 |
Affected:
32-bit Systems Service Pack 2
Affected: 32-bit Systems Service Pack 2 (Server Core installation) Affected: Itanium-Based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 (Server Core installation) |
|
| Microsoft | Windows Server 2019 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2012 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows 8.1 |
Affected:
32-bit systems
Affected: x64-based systems |
|
| Microsoft | Windows Server 2016 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2008 R2 |
Affected:
Itanium-Based Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 Affected: x64-based Systems Service Pack 1 (Server Core installation) |
|
| Microsoft | Windows 10 |
Affected:
32-bit Systems
Affected: Version 1607 for 32-bit Systems Affected: Version 1607 for x64-based Systems Affected: Version 1703 for 32-bit Systems Affected: Version 1703 for x64-based Systems Affected: Version 1709 for 32-bit Systems Affected: Version 1709 for x64-based Systems Affected: Version 1803 for 32-bit Systems Affected: Version 1803 for x64-based Systems Affected: Version 1809 for 32-bit Systems Affected: Version 1809 for x64-based Systems Affected: x64-based Systems |
|
| Microsoft | Windows 10 Servers |
Affected:
version 1709 (Server Core Installation)
Affected: version 1803 (Server Core Installation) |
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:35.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105507"
},
{
"name": "1041831",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
}
]
},
{
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows RT 8.1"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
},
{
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit systems"
},
{
"status": "affected",
"version": "x64-based systems"
}
]
},
{
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2008 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "x64-based Systems"
}
]
},
{
"product": "Windows 10 Servers",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "version 1803 (Server Core Installation)"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka \"Microsoft Filter Manager Elevation Of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "105507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105507"
},
{
"name": "1041831",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka \"Microsoft Filter Manager Elevation Of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105507"
},
{
"name": "1041831",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041831"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8333"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8333",
"datePublished": "2018-10-10T13:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:54:35.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8411 (GCVE-0-2018-8411)
Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
VLAI
EPSS
Summary
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Severity
No CVSS data available.
CWE
- Elevation of Privilege
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/45624/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securitytracker.com/id/1041832 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/105508 | vdb-entryx_refsource_BID |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 7 |
Affected:
32-bit Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows RT 8.1 |
Affected:
Windows RT 8.1
|
|
| Microsoft | Windows Server 2008 |
Affected:
32-bit Systems Service Pack 2
Affected: 32-bit Systems Service Pack 2 (Server Core installation) Affected: Itanium-Based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 (Server Core installation) |
|
| Microsoft | Windows Server 2019 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2012 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows 8.1 |
Affected:
32-bit systems
Affected: x64-based systems |
|
| Microsoft | Windows Server 2016 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2008 R2 |
Affected:
Itanium-Based Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 Affected: x64-based Systems Service Pack 1 (Server Core installation) |
|
| Microsoft | Windows 10 |
Affected:
32-bit Systems
Affected: Version 1607 for 32-bit Systems Affected: Version 1607 for x64-based Systems Affected: Version 1703 for 32-bit Systems Affected: Version 1703 for x64-based Systems Affected: Version 1709 for 32-bit Systems Affected: Version 1709 for x64-based Systems Affected: Version 1803 for 32-bit Systems Affected: Version 1803 for x64-based Systems Affected: Version 1809 for 32-bit Systems Affected: Version 1809 for x64-based Systems Affected: x64-based Systems |
|
| Microsoft | Windows 10 Servers |
Affected:
version 1709 (Server Core Installation)
Affected: version 1803 (Server Core Installation) |
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8411"
},
{
"name": "45624",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45624/"
},
{
"name": "1041832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041832"
},
{
"name": "105508",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
}
]
},
{
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows RT 8.1"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
},
{
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit systems"
},
{
"status": "affected",
"version": "x64-based systems"
}
]
},
{
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2008 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "x64-based Systems"
}
]
},
{
"product": "Windows 10 Servers",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "version 1803 (Server Core Installation)"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when NTFS improperly checks access, aka \"NTFS Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8411"
},
{
"name": "45624",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45624/"
},
{
"name": "1041832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041832"
},
{
"name": "105508",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105508"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when NTFS improperly checks access, aka \"NTFS Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8411",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8411"
},
{
"name": "45624",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45624/"
},
{
"name": "1041832",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041832"
},
{
"name": "105508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105508"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8411",
"datePublished": "2018-10-10T13:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:54:36.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8413 (GCVE-0-2018-8413)
Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
VLAI
EPSS
Summary
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Severity
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1041824 | vdb-entryx_refsource_SECTRACK |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/105448 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.com/files/156027/Micro… | x_refsource_MISC |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 7 |
Affected:
32-bit Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows RT 8.1 |
Affected:
Windows RT 8.1
|
|
| Microsoft | Windows Server 2019 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2012 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows 8.1 |
Affected:
32-bit systems
Affected: x64-based systems |
|
| Microsoft | Windows Server 2016 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2008 R2 |
Affected:
Itanium-Based Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 Affected: x64-based Systems Service Pack 1 (Server Core installation) |
|
| Microsoft | Windows 10 |
Affected:
32-bit Systems
Affected: Version 1607 for 32-bit Systems Affected: Version 1607 for x64-based Systems Affected: Version 1703 for 32-bit Systems Affected: Version 1703 for x64-based Systems Affected: Version 1709 for 32-bit Systems Affected: Version 1709 for x64-based Systems Affected: Version 1803 for 32-bit Systems Affected: Version 1803 for x64-based Systems Affected: Version 1809 for 32-bit Systems Affected: Version 1809 for x64-based Systems Affected: x64-based Systems |
|
| Microsoft | Windows 10 Servers |
Affected:
version 1709 (Server Core Installation)
Affected: version 1803 (Server Core Installation) |
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041824",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041824"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8413"
},
{
"name": "105448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105448"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156027/Microsoft-Windows-Theme-API-File-Parsing.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
}
]
},
{
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows RT 8.1"
}
]
},
{
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit systems"
},
{
"status": "affected",
"version": "x64-based systems"
}
]
},
{
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2008 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "x64-based Systems"
}
]
},
{
"product": "Windows 10 Servers",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "version 1803 (Server Core Installation)"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files, aka \"Windows Theme API Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T20:06:06.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1041824",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041824"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8413"
},
{
"name": "105448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105448"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156027/Microsoft-Windows-Theme-API-File-Parsing.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when \"Windows Theme API\" does not properly decompress files, aka \"Windows Theme API Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041824",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041824"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8413",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8413"
},
{
"name": "105448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105448"
},
{
"name": "http://packetstormsecurity.com/files/156027/Microsoft-Windows-Theme-API-File-Parsing.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156027/Microsoft-Windows-Theme-API-File-Parsing.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8413",
"datePublished": "2018-10-10T13:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:54:36.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8423 (GCVE-0-2018-8423)
Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
VLAI
EPSS
Summary
A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Severity
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://blog.0patch.com/2018/10/patching-re-patch… | x_refsource_MISC |
| http://www.securitytracker.com/id/1041837 | vdb-entryx_refsource_SECTRACK |
| https://blog.0patch.com/2018/09/outrunning-attack… | x_refsource_MISC |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 7 |
Affected:
32-bit Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows RT 8.1 |
Affected:
Windows RT 8.1
|
|
| Microsoft | Windows Server 2008 |
Affected:
32-bit Systems Service Pack 2
Affected: 32-bit Systems Service Pack 2 (Server Core installation) Affected: Itanium-Based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 (Server Core installation) |
|
| Microsoft | Windows Server 2019 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2012 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows 8.1 |
Affected:
32-bit systems
Affected: x64-based systems |
|
| Microsoft | Windows Server 2016 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2008 R2 |
Affected:
Itanium-Based Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 Affected: x64-based Systems Service Pack 1 (Server Core installation) |
|
| Microsoft | Windows 10 |
Affected:
32-bit Systems
Affected: Version 1607 for 32-bit Systems Affected: Version 1607 for x64-based Systems Affected: Version 1703 for 32-bit Systems Affected: Version 1703 for x64-based Systems Affected: Version 1709 for 32-bit Systems Affected: Version 1709 for x64-based Systems Affected: Version 1803 for 32-bit Systems Affected: Version 1803 for x64-based Systems Affected: Version 1809 for 32-bit Systems Affected: Version 1809 for x64-based Systems Affected: x64-based Systems |
|
| Microsoft | Windows 10 Servers |
Affected:
version 1709 (Server Core Installation)
Affected: version 1803 (Server Core Installation) |
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html"
},
{
"name": "1041837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041837"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.0patch.com/2018/09/outrunning-attackers-on-jet-database.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
}
]
},
{
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows RT 8.1"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
},
{
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit systems"
},
{
"status": "affected",
"version": "x64-based systems"
}
]
},
{
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2008 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "x64-based Systems"
}
]
},
{
"product": "Windows 10 Servers",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "version 1803 (Server Core Installation)"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T18:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html"
},
{
"name": "1041837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041837"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.0patch.com/2018/09/outrunning-attackers-on-jet-database.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html",
"refsource": "MISC",
"url": "https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html"
},
{
"name": "1041837",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041837"
},
{
"name": "https://blog.0patch.com/2018/09/outrunning-attackers-on-jet-database.html",
"refsource": "MISC",
"url": "https://blog.0patch.com/2018/09/outrunning-attackers-on-jet-database.html"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8423",
"datePublished": "2018-10-10T13:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:54:36.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8427 (GCVE-0-2018-8427)
Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
VLAI
EPSS
Summary
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1041823 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/105453 | vdb-entryx_refsource_BID |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Office |
Affected:
2016 for Mac
Affected: 2019 for 32-bit editions Affected: 2019 for 64-bit editions Affected: Compatibility Pack Service Pack 3 |
|
| Microsoft | Microsoft Office Word Viewer |
Affected:
Microsoft Office Word Viewer
|
|
| Microsoft | Windows Server 2008 |
Affected:
32-bit Systems Service Pack 2
Affected: 32-bit Systems Service Pack 2 (Server Core installation) Affected: Itanium-Based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 (Server Core installation) |
|
| Microsoft | Microsoft PowerPoint Viewer |
Affected:
2007
|
|
| Microsoft | Office |
Affected:
365 ProPlus for 32-bit Systems
Affected: 365 ProPlus for 64-bit Systems |
|
| Microsoft | Microsoft Excel Viewer |
Affected:
2007 Service Pack 3
|
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"name": "105453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Office Word Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Office Word Viewer"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
},
{
"product": "Microsoft PowerPoint Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007"
}
]
},
{
"product": "Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "365 ProPlus for 32-bit Systems"
},
{
"status": "affected",
"version": "365 ProPlus for 64-bit Systems"
}
]
},
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1041823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"name": "105453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Office Word Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft Office Word Viewer"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Microsoft PowerPoint Viewer",
"version": {
"version_data": [
{
"version_value": "2007"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
},
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Windows Server 2008, Microsoft PowerPoint Viewer, Microsoft Excel Viewer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041823"
},
{
"name": "105453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105453"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8427",
"datePublished": "2018-10-10T13:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:54:36.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8432 (GCVE-0-2018-8432)
Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
VLAI
EPSS
Summary
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.
Severity
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105458 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1041823 | vdb-entryx_refsource_SECTRACK |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 7 |
Affected:
32-bit Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 |
|
| Microsoft | Microsoft Office |
Affected:
2016 for Mac
Affected: 2019 for 32-bit editions Affected: 2019 for 64-bit editions Affected: Compatibility Pack Service Pack 3 |
|
| Microsoft | Microsoft Office Word Viewer |
Affected:
Microsoft Office Word Viewer
|
|
| Microsoft | Microsoft Excel Viewer |
Affected:
2007 Service Pack 3
|
|
| Microsoft | Microsoft PowerPoint Viewer |
Affected:
2007
|
|
| Microsoft | Windows Server 2019 |
Affected:
(Server Core installation)
|
|
| Microsoft | Office |
Affected:
365 ProPlus for 32-bit Systems
Affected: 365 ProPlus for 64-bit Systems |
|
| Microsoft | Windows Server 2008 R2 |
Affected:
Itanium-Based Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 Affected: x64-based Systems Service Pack 1 (Server Core installation) |
|
| Microsoft | Windows 10 |
Affected:
Version 1809 for 32-bit Systems
Affected: Version 1809 for x64-based Systems |
|
| Microsoft | Windows Server 2008 |
Affected:
32-bit Systems Service Pack 2
Affected: 32-bit Systems Service Pack 2 (Server Core installation) Affected: Itanium-Based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 (Server Core installation) |
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105458"
},
{
"name": "1041823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "Compatibility Pack Service Pack 3"
}
]
},
{
"product": "Microsoft Office Word Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Office Word Viewer"
}
]
},
{
"product": "Microsoft Excel Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007 Service Pack 3"
}
]
},
{
"product": "Microsoft PowerPoint Viewer",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2007"
}
]
},
{
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "365 ProPlus for 32-bit Systems"
},
{
"status": "affected",
"version": "365 ProPlus for 64-bit Systems"
}
]
},
{
"product": "Windows Server 2008 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1809 for x64-based Systems"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Remote Code Execution Vulnerability.\" This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "105458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105458"
},
{
"name": "1041823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Office Word Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft Office Word Viewer"
}
]
}
},
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "2007 Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft PowerPoint Viewer",
"version": {
"version_data": [
{
"version_value": "2007"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \"Microsoft Graphics Components Remote Code Execution Vulnerability.\" This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105458"
},
{
"name": "1041823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041823"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8432",
"datePublished": "2018-10-10T13:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:54:36.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8453 (GCVE-0-2018-8453)
Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2025-10-21 23:45
VLAI
EPSS
Summary
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Severity
7.8 (High)
CWE
- Elevation of Privilege
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1041828 | vdb-entryx_refsource_SECTRACK |
| https://securelist.com/cve-2018-8453-used-in-targ… | x_refsource_MISC |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/105467 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.com/files/153669/Micro… | x_refsource_MISC |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows 7 |
Affected:
32-bit Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows RT 8.1 |
Affected:
Windows RT 8.1
|
|
| Microsoft | Windows Server 2008 |
Affected:
32-bit Systems Service Pack 2
Affected: 32-bit Systems Service Pack 2 (Server Core installation) Affected: Itanium-Based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 Affected: x64-based Systems Service Pack 2 (Server Core installation) |
|
| Microsoft | Windows Server 2019 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2012 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows 8.1 |
Affected:
32-bit systems
Affected: x64-based systems |
|
| Microsoft | Windows Server 2016 |
Affected:
(Server Core installation)
|
|
| Microsoft | Windows Server 2008 R2 |
Affected:
Itanium-Based Systems Service Pack 1
Affected: x64-based Systems Service Pack 1 Affected: x64-based Systems Service Pack 1 (Server Core installation) |
|
| Microsoft | Windows 10 |
Affected:
32-bit Systems
Affected: Version 1607 for 32-bit Systems Affected: Version 1607 for x64-based Systems Affected: Version 1703 for 32-bit Systems Affected: Version 1703 for x64-based Systems Affected: Version 1709 for 32-bit Systems Affected: Version 1709 for x64-based Systems Affected: Version 1803 for 32-bit Systems Affected: Version 1803 for x64-based Systems Affected: Version 1809 for 32-bit Systems Affected: Version 1809 for x64-based Systems Affected: x64-based Systems |
|
| Microsoft | Windows 10 Servers |
Affected:
version 1709 (Server Core Installation)
Affected: version 1803 (Server Core Installation) |
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041828",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041828"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securelist.com/cve-2018-8453-used-in-targeted-attack"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453"
},
{
"name": "105467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-8453",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T16:24:16.678337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-01-21",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8453"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:47.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8453"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-01-21T00:00:00.000Z",
"value": "CVE-2018-8453 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
}
]
},
{
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows RT 8.1"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
},
{
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit systems"
},
{
"status": "affected",
"version": "x64-based systems"
}
]
},
{
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows Server 2008 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "x64-based Systems"
}
]
},
{
"product": "Windows 10 Servers",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "version 1803 (Server Core Installation)"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-16T21:06:05.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1041828",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041828"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securelist.com/cve-2018-8453-used-in-targeted-attack"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453"
},
{
"name": "105467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041828"
},
{
"name": "https://securelist.com/cve-2018-8453-used-in-targeted-attack",
"refsource": "MISC",
"url": "https://securelist.com/cve-2018-8453-used-in-targeted-attack"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453"
},
{
"name": "105467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105467"
},
{
"name": "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8453",
"datePublished": "2018-10-10T13:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:47.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…