CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability – An advisory by Quick Heal Security Labs
Credit to Author: Prashant Kadam| Date: Thu, 10 May 2018 11:50:17 +0000
Estimated reading time: 1 minuteThe recent zero-day vulnerability in Windows VBScript Engine (CVE-2018-8174), enables attackers to perform a remote code execution on targeted machines. Microsoft has released a security advisory CVE-2018-8174 on May 8, 2018, to address this issue. According to Microsoft, it impacts most of the Windows Operating Systems. Vulnerable versions Windows 7 x86 and x64 versions Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers About the vulnerability This is a use-after-free vulnerability in VBScript Engine which allows attackers to perform a remote code execution on targeted machines. After successful exploitation, attackers can take control of the vulnerable systems and download and execute malware on them. The vulnerability is currently being exploited in the wild through a malicious Office document which is a Microsoft Office/WordPad exploit (CVE-2017-0199). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Quick Heal detection Quick Heal’s generic detection ‘Exp.RTF.CVE-2017-0199.AO’ for Microsoft Office/WordPad exploit (CVE-2017-0199), released on December 12, 2017, detects the initial attack vector observed in the wild. Quick Heal has released the following detection for the vulnerability CVE-2018-8174: Exp.IE.CVE-2018-8174 HTTP/CVE-2018-8174.IE Quick Heal Security Labs is actively looking for new in-wild exploits for this vulnerability and ensuring coverage for them. References https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8174 http://blogs.360.cn/blog/cve-2018-8174-en/ The post CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability – An advisory by Quick Heal Security Labs appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice.
http://blogs.quickheal.com/feed/