cnvd-2018-18005
Vulnerability from cnvd

Title: Microsoft Internet Explorer远程代码执行漏洞(CNVD-2018-18005)

Description:

Microsoft Windows Server 2012等都是美国微软(Microsoft)公司发布的一系列操作系统。Internet Explorer(IE)是其中的一款Windows操作系统附带的Web浏览器。

Microsoft IE 9、10和11中脚本引擎处理内存对象的方式存在远程代码执行漏洞。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码,破坏内存。

Severity:

Patch Name: Microsoft Internet Explorer远程代码执行漏洞(CNVD-2018-18005)的补丁

Patch Description:

Microsoft Windows Server 2012等都是美国微软(Microsoft)公司发布的一系列操作系统。Internet Explorer(IE)是其中的一款Windows操作系统附带的Web浏览器。

Microsoft IE 9、10和11中脚本引擎处理内存对象的方式存在远程代码执行漏洞。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码,破坏内存。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序,请及时关注更新: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8353

Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8353 https://www.exploit-db.com/exploits/45279/ https://www.securityfocus.com/bid/105034

Impacted products
Name
['Microsoft Internet Explorer(Windows Server 2008 SP2) 9', 'Microsoft Internet Explorer(Windows Server 2012 R2) 11', 'Microsoft Internet Explorer(Windows Server 2008 R2 SP1) 11', 'Microsoft Internet Explorer(Windows RT 8.1) 11', 'Microsoft Internet Explorer(Windows 8.1) 11', 'Microsoft Internet Explorer(Windows 7 SP1) 11', 'Microsoft Internet Explorer (Windows 10版本1703) 11', 'Microsoft Internet Explorer (Windows 10版本1607) 11', 'Microsoft Internet Explorer (Windows 10) 11', 'Microsoft Internet Explorer (Windows 10版本1709) 11', 'Microsoft Internet Explorer (Windows 10版本1803) 11', 'Microsoft Internet Explorer (Windows Server 2016) 11', 'Microsoft Internet Explorer(Microsoft Windows Server 2012) 10']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "105034"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8353"
    }
  },
  "description": "Microsoft Windows Server 2012\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u4e00\u7cfb\u5217\u64cd\u4f5c\u7cfb\u7edf\u3002Internet Explorer\uff08IE\uff09\u662f\u5176\u4e2d\u7684\u4e00\u6b3eWindows\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft IE 9\u300110\u548c11\u4e2d\u811a\u672c\u5f15\u64ce\u5904\u7406\u5185\u5b58\u5bf9\u8c61\u7684\u65b9\u5f0f\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u7834\u574f\u5185\u5b58\u3002",
  "discovererName": "Ivan Fratric of Google Project Zero",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8353",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-18005",
  "openTime": "2018-09-07",
  "patchDescription": "Microsoft Windows Server 2012\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u4e00\u7cfb\u5217\u64cd\u4f5c\u7cfb\u7edf\u3002Internet Explorer\uff08IE\uff09\u662f\u5176\u4e2d\u7684\u4e00\u6b3eWindows\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft IE 9\u300110\u548c11\u4e2d\u811a\u672c\u5f15\u64ce\u5904\u7406\u5185\u5b58\u5bf9\u8c61\u7684\u65b9\u5f0f\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u7834\u574f\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Internet Explorer\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-18005\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Internet Explorer\uff08Windows Server 2008 SP2\uff09 9",
      "Microsoft Internet Explorer\uff08Windows Server 2012 R2\uff09 11",
      "Microsoft Internet Explorer\uff08Windows Server 2008 R2 SP1\uff09 11",
      "Microsoft Internet Explorer\uff08Windows RT 8.1\uff09 11",
      "Microsoft Internet Explorer\uff08Windows 8.1\uff09 11",
      "Microsoft Internet Explorer\uff08Windows 7 SP1\uff09 11",
      "Microsoft Internet Explorer \uff08Windows 10\u7248\u672c1703\uff09 11",
      "Microsoft Internet Explorer \uff08Windows 10\u7248\u672c1607\uff09 11",
      "Microsoft Internet Explorer \uff08Windows 10\uff09 11",
      "Microsoft Internet Explorer \uff08Windows 10\u7248\u672c1709\uff09 11",
      "Microsoft Internet Explorer \uff08Windows 10\u7248\u672c1803\uff09 11",
      "Microsoft Internet Explorer \uff08Windows Server 2016\uff09 11",
      "Microsoft Internet Explorer\uff08Microsoft Windows Server 2012\uff09 10"
    ]
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8353\r\nhttps://www.exploit-db.com/exploits/45279/\r\nhttps://www.securityfocus.com/bid/105034",
  "serverity": "\u9ad8",
  "submitTime": "2018-08-15",
  "title": "Microsoft Internet Explorer\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-18005\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.