Scripting Engine Memory Corruption Vulnerability

2018-01-03T08:00:00

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

{"id": "MS:CVE-2018-0768", "bulletinFamily": "microsoft", "title": "Scripting Engine Memory Corruption Vulnerability", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "published": "2018-01-03T08:00:00", "modified": "2018-01-05T08:00:00", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2018-0768", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2018-0768"], "immutableFields": [], "type": "mscve", "lastseen": "2022-10-26T18:28:15", "edition": 1, "viewCount": 3, "enchantments": {"backreferences": {"references": [{"idList": ["CISA:574A6E25827684C587359C37EF1D5132"], "type": "cisa"}, {"idList": ["CVE-2018-0768"], "type": "cve"}, {"idList": ["TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310812292"], "type": "openvas"}, {"idList": ["KLA11166"], "type": "kaspersky"}, {"idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"], "type": "threatpost"}, {"idList": ["KB4054517"], "type": "mskb"}, {"idList": ["TALOSBLOG:EC1B279A70AF41A51CBB4EB4722EFA46"], "type": "talosblog"}]}, "dependencies": {"references": [{"idList": ["CVE-2018-0781", "CVE-2018-0762", "CVE-2018-0772", "CVE-2018-0770", "CVE-2018-0778", "CVE-2018-0773", "CVE-2018-0769", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0758", "CVE-2018-0768", "CVE-2018-0774"], "type": "cve"}, {"idList": ["TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034"], "type": "trendmicroblog"}, {"idList": ["SMB_NT_MS18_JAN_4056892.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310812292"], "type": "openvas"}, {"idList": ["KLA11166"], "type": "kaspersky"}, {"idList": ["TALOSBLOG:EC1B279A70AF41A51CBB4EB4722EFA46"], "type": "talosblog"}]}, "exploitation": null, "score": {"value": 1.5, "vector": "NONE"}, "vulnersScore": 1.5}, "_state": {"dependencies": 1666809388, "score": 1666809538}, "_internal": {"score_hash": "9cf5dd67db961811f8d89a578cb8c23f"}, "kbList": ["KB4056892", "KB4054517"], "msrc": "", "mscve": "CVE-2018-0768", "msAffectedSoftware": [{"kb": "KB4056892", "kbSupersedence": "KB4054517", "msplatform": "Windows 10 Version 1709 for x64-based Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}, {"kb": "KB4056892", "kbSupersedence": "KB4054517", "msplatform": "Windows 10 Version 1709 for 32-bit Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}], "vendorCvss": {"baseScore": "4.2", "temporalScore": "3.8", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C"}}

{"cve": [{"lastseen": "2022-03-23T11:42:17", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0762", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:edge:-", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2018-0762", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:15", "description": "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0758", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0758", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0758", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:24", "description": "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0768", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0768", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0768", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:25", "description": "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0769", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0769", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0769", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:26", "description": "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0770", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0770", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0770", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:29", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0772", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:edge:-", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2018-0772", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:30", "description": "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0773", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0773", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0773", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:31", "description": "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0774", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0774", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0774", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:32", "description": "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0775", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0775", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0775", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:33", "description": "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0776", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0776", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0776", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:34", "description": "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0777", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0777", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0777", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:36", "description": "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0778", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0778", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0778", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:38", "description": "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-01-04T14:29:00", "type": "cve", "title": "CVE-2018-0781", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0781"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2018-0781", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0781", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2021-08-18T11:15:27", "description": "### *Detect date*:\n01/03/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions.\n\n### *Affected products*:\nInternet Explorer 11 \nInternet Explorer 10 \nInternet Explorer 9 \nMicrosoft Edge (EdgeHTML-based) \nChakraCore\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-0758](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0758>) \n[CVE-2018-0762](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0762>) \n[CVE-2018-0766](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0766>) \n[CVE-2018-0767](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0767>) \n[CVE-2018-0768](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0768>) \n[CVE-2018-0769](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0769>) \n[CVE-2018-0770](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0770>) \n[CVE-2018-0772](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0772>) \n[CVE-2018-0773](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0773>) \n[CVE-2018-0774](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0774>) \n[CVE-2018-0775](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0775>) \n[CVE-2018-0776](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0776>) \n[CVE-2018-0777](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0777>) \n[CVE-2018-0778](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0778>) \n[CVE-2018-0780](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0780>) \n[CVE-2018-0781](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0781>) \n[CVE-2018-0800](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0800>) \n[CVE-2018-0803](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0803>) \n[CVE-2018-0818](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-0818>) \n[ADV180002](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2018-0758](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0758>)7.6Critical \n[CVE-2018-0762](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0762>)7.6Critical \n[CVE-2018-0766](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0766>)4.3Warning \n[CVE-2018-0767](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0767>)2.6Warning \n[CVE-2018-0768](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0768>)7.6Critical \n[CVE-2018-0769](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0769>)7.6Critical \n[CVE-2018-0770](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0770>)7.6Critical \n[CVE-2018-0772](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0772>)7.6Critical \n[CVE-2018-0773](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0773>)7.6Critical \n[CVE-2018-0774](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0774>)7.6Critical \n[CVE-2018-0775](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0775>)7.6Critical \n[CVE-2018-0776](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0776>)7.6Critical \n[CVE-2018-0777](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0777>)7.6Critical \n[CVE-2018-0778](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0778>)7.6Critical \n[CVE-2018-0780](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0780>)2.6Warning \n[CVE-2018-0781](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0781>)7.6Critical \n[CVE-2018-0800](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0800>)4.3Warning \n[CVE-2018-0803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0803>)5.8High \n[CVE-2018-0818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0818>)8.5Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4056894](<http://support.microsoft.com/kb/4056894>) \n[4056888](<http://support.microsoft.com/kb/4056888>) \n[4056890](<http://support.microsoft.com/kb/4056890>) \n[4056893](<http://support.microsoft.com/kb/4056893>) \n[4056891](<http://support.microsoft.com/kb/4056891>) \n[4056892](<http://support.microsoft.com/kb/4056892>) \n[4056896](<http://support.microsoft.com/kb/4056896>) \n[4056895](<http://support.microsoft.com/kb/4056895>) \n[4056568](<http://support.microsoft.com/kb/4056568>) \n[4088782](<http://support.microsoft.com/kb/4088782>) \n[4088787](<http://support.microsoft.com/kb/4088787>) \n[4088786](<http://support.microsoft.com/kb/4088786>) \n[4088779](<http://support.microsoft.com/kb/4088779>) \n[4089187](<http://support.microsoft.com/kb/4089187>) \n[4088878](<http://support.microsoft.com/kb/4088878>) \n[4088877](<http://support.microsoft.com/kb/4088877>) \n[4088875](<http://support.microsoft.com/kb/4088875>) \n[4088776](<http://support.microsoft.com/kb/4088776>) \n[4088876](<http://support.microsoft.com/kb/4088876>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-03T00:00:00", "type": "kaspersky", "title": "KLA11166 Multiple vunlerabilities in Microsoft Browsers", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0766", "CVE-2018-0767", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0780", "CVE-2018-0781", "CVE-2018-0800", "CVE-2018-0803", "CVE-2018-0818"], "modified": "2020-08-14T00:00:00", "id": "KLA11166", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11166/", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:38:22", "description": "The remote Windows host is missing security update 4056892 or 4073291. It is, therefore, affected by multiple vulnerabilities :\n\n - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis.\n (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)\n\n - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0744)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0767, CVE-2018-0780, CVE-2018-0800)\n\n - An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. (CVE-2018-0803)\n\n - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2018-0754)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2018-0762, CVE-2018-0772)\n\n - An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0766)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.\n (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0781)\n\n - An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. (CVE-2018-0749)\n\n - A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. (CVE-2018-0753)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. (CVE-2018-0745, CVE-2018-0746, CVE-2018-0747)\n\n - An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n (CVE-2018-0743)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "KB4056892: Windows 10 Version 1709 and Windows Server Version 1709 January 2018 Security Update (Meltdown)(Spectre)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-0743", "CVE-2018-0744", "CVE-2018-0745", "CVE-2018-0746", "CVE-2018-0747", "CVE-2018-0748", "CVE-2018-0749", "CVE-2018-0751", "CVE-2018-0752", "CVE-2018-0753", "CVE-2018-0754", "CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0766", "CVE-2018-0767", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0780", "CVE-2018-0781", "CVE-2018-0800", "CVE-2018-0803"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS18_JAN_4056892.NASL", "href": "https://www.tenable.com/plugins/nessus/105550", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105550);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\",\n \"CVE-2018-0743\",\n \"CVE-2018-0744\",\n \"CVE-2018-0745\",\n \"CVE-2018-0746\",\n \"CVE-2018-0747\",\n \"CVE-2018-0748\",\n \"CVE-2018-0749\",\n \"CVE-2018-0751\",\n \"CVE-2018-0752\",\n \"CVE-2018-0753\",\n \"CVE-2018-0754\",\n \"CVE-2018-0758\",\n \"CVE-2018-0762\",\n \"CVE-2018-0766\",\n \"CVE-2018-0767\",\n \"CVE-2018-0768\",\n \"CVE-2018-0769\",\n \"CVE-2018-0770\",\n \"CVE-2018-0772\",\n \"CVE-2018-0773\",\n \"CVE-2018-0774\",\n \"CVE-2018-0775\",\n \"CVE-2018-0776\",\n \"CVE-2018-0777\",\n \"CVE-2018-0778\",\n \"CVE-2018-0780\",\n \"CVE-2018-0781\",\n \"CVE-2018-0800\",\n \"CVE-2018-0803\"\n );\n script_bugtraq_id(102378);\n script_xref(name:\"MSKB\", value:\"4056892\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"MSFT\", value:\"MS18-4056892\");\n script_xref(name:\"MSKB\", value:\"4073291\");\n script_xref(name:\"MSFT\", value:\"MS18-4073291\");\n\n script_name(english:\"KB4056892: Windows 10 Version 1709 and Windows Server Version 1709 January 2018 Security Update (Meltdown)(Spectre)\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4056892\nor 4073291. It is, therefore, affected by multiple \nvulnerabilities :\n\n - An vulnerability exists within microprocessors utilizing \n speculative execution and indirect branch prediction, \n which may allow an attacker with local user access to \n disclose information via a side-channel analysis.\n (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2018-0744)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2018-0767,\n CVE-2018-0780, CVE-2018-0800)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Edge does not properly enforce cross-domain\n policies, which could allow an attacker to access\n information from one domain and inject it into another\n domain. (CVE-2018-0803)\n\n - An information disclosure vulnerability exists in\n Windows Adobe Type Manager Font Driver (ATMFD.dll) when\n it fails to properly handle objects in memory. An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2018-0754)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2018-0762, CVE-2018-0772)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge PDF Reader improperly handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2018-0766)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Kernel API enforces permissions. An\n attacker who successfully exploited the vulnerability\n could impersonate processes, interject cross-process\n communication, or interrupt system functionality.\n (CVE-2018-0748, CVE-2018-0751, CVE-2018-0752)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2018-0758,\n CVE-2018-0768, CVE-2018-0769, CVE-2018-0770,\n CVE-2018-0773, CVE-2018-0774, CVE-2018-0775,\n CVE-2018-0776, CVE-2018-0777, CVE-2018-0778,\n CVE-2018-0781)\n\n - An elevation of privilege vulnerability exists in the\n Microsoft Server Message Block (SMB) Server when an\n attacker with valid credentials attempts to open a\n specially crafted file over the SMB protocol on the same\n machine. An attacker who successfully exploited this\n vulnerability could bypass certain security checks in\n the operating system. (CVE-2018-0749)\n\n - A denial of service vulnerability exists in the way that\n Windows handles objects in memory. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. Note that the denial\n of service condition would not allow an attacker to\n execute code or to elevate user privileges. However, the\n denial of service condition could prevent authorized\n users from using system resources. The security update\n addresses the vulnerability by correcting how Windows\n handles objects in memory. (CVE-2018-0753)\n\n - An information disclosure vulnerability exists in the\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (ASLR) bypass. An attacker who\n successfully exploited the vulnerability could retrieve\n the memory address of a kernel object. (CVE-2018-0745,\n CVE-2018-0746, CVE-2018-0747)\n\n - An elevation of privilege vulnerability exists due to an\n integer overflow in Windows Subsystem for Linux. An\n attacker who successfully exploited the vulnerability\n could execute code with elevated permissions.\n (CVE-2018-0743)\");\n # https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dd4c75b0\");\n # https://support.microsoft.com/en-us/help/4073291/windows-10-update-kb4073291\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82660d06\");\n # https://support.microsoft.com/en-us/help/4072699/windows-security-updates-and-antivirus-software\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?67de4887\");\n # https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8902cebb\");\n script_set_attribute(attribute:\"solution\", value:\n \"Apply Cumulative Update KB4056892 or KB4073291 as well as refer\n to the KB4072698 article for additional information.\n\nNote: Due to a compatibility issue with some antivirus software\nproducts, it may not be possible to apply the required updates.\nSee Microsoft KB article 4072699 for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0758\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", 'microsoft_windows_env_vars.nasl');\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-01\";\narch = get_kb_item_or_exit('SMB/ARCH');\n\nif(arch == \"x86\")\n kbs = make_list('4056892','4073291');\nelse\n kbs = make_list('4056892');\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvuln = 0;\nif (arch == \"x86\")\n{\n if(smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"01_2018_2\",\n bulletin:bulletin,\n rollup_kb_list:[4073291])\n )\n vuln++;\n}\nelse\n{\n if(smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"01_2018\",\n bulletin:bulletin,\n rollup_kb_list:[4056892])\n )\n vuln++;\n}\n\nif(vuln > 0)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:06:11", "description": "This host is missing a critical security\n update according to Microsoft KB4056892.", "cvss3": {}, "published": "2018-01-04T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4056892)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0781", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-0762", "CVE-2018-0751", "CVE-2018-0772", "CVE-2018-0770", "CVE-2018-0800", "CVE-2018-0746", "CVE-2018-0753", "CVE-2018-0748", "CVE-2018-0778", "CVE-2018-0773", "CVE-2018-0769", "CVE-2018-0754", "CVE-2018-0775", "CVE-2018-0767", "CVE-2018-0776", "CVE-2018-0745", "CVE-2018-0777", "CVE-2017-5715", "CVE-2018-0758", "CVE-2018-0766", "CVE-2018-0768", "CVE-2018-0786", "CVE-2018-0764", "CVE-2018-0774", "CVE-2018-0747", "CVE-2018-0743", "CVE-2018-0744", "CVE-2018-0780", "CVE-2018-0749", "CVE-2018-0752", "CVE-2018-0803"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812292", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4056892)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812292\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0743\", \"CVE-2018-0744\", \"CVE-2018-0745\", \"CVE-2018-0746\",\n \"CVE-2018-0747\", \"CVE-2018-0748\", \"CVE-2018-0749\", \"CVE-2018-0751\",\n \"CVE-2018-0752\", \"CVE-2018-0753\", \"CVE-2018-0754\", \"CVE-2018-0758\",\n \"CVE-2018-0762\", \"CVE-2018-0766\", \"CVE-2018-0767\", \"CVE-2018-0768\",\n \"CVE-2018-0769\", \"CVE-2018-0770\", \"CVE-2018-0772\", \"CVE-2018-0773\",\n \"CVE-2018-0800\", \"CVE-2018-0776\", \"CVE-2018-0777\", \"CVE-2018-0780\",\n \"CVE-2018-0803\", \"CVE-2018-0774\", \"CVE-2018-0775\", \"CVE-2018-0781\",\n \"CVE-2017-5753\", \"CVE-2017-5715\", \"CVE-2017-5754\", \"CVE-2018-0778\",\n \"CVE-2018-0764\", \"CVE-2018-0786\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-04 15:51:45 +0530 (Thu, 04 Jan 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4056892)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4056892.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft Edge does not properly enforce cross-domain policies.\n\n - The scripting engine handles objects in memory in Microsoft Edge.\n\n - The scripting engine handles objects in memory in Microsoft browsers.\n\n - Windows Adobe Type Manager Font Driver (ATMFD.dll) fails to properly\n handle objects in memory.\n\n - Microsoft Edge PDF Reader improperly handles objects in memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - An error in the way that the Windows Kernel API enforces permissions.\n\n - An error in the Microsoft Server Message Block (SMB) Server when an attacker\n with valid credentials attempts to open a specially crafted file over the SMB\n protocol on the same machine.\n\n - An error in the Windows kernel.\n\n - Multiple errors leading to 'speculative execution side-channel attacks' that\n affect many modern processors and operating systems including Intel, AMD, and ARM.\n\n - An integer overflow in Windows Subsystem for Linux.\n\n - .NET, and .NET core, improperly process XML documents.\n\n - Microsoft .NET Framework (and .NET Core) components do not completely validate\n certificates.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to elevate privileges, execute arbitrary code in the context of the current\n user, potentially read data that was not intended to be disclosed, impersonate\n processes, interject cross-process communication, or interrupt system\n functionality, bypass certain security checks in the operating system and can\n cause a target system to stop responding and can be used to read the content\n of memory across a trusted boundary and can therefore lead to information\n disclosure and some unspecified impacts too.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1709 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4056892\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.191\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.16299.0 - 11.0.16299.191\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2018-01-29T19:59:50", "description": "Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated Moderate. These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more. \n \nIn addition to the 56 vulnerabilities addressed, Microsoft has also released an update that addresses Meltdown and Spectre. Mitigations for these two vulnerabilities were published for Windows in [ADV180002](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002>). Note that due to incompatibilities with anti-virus products, users and organizations may not have received this update yet. For more information, users should refer to Microsoft's knowledge base [article](<https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software>) which covers this issue. \n \n \n\n\n## Vulnerabilities Rated Critical\n\n \nMicrosoft has assigned the following vulnerabilities a Critical severity rating: \n\n\n * CVE-2018-0758 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0762 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0767 - Scripting Engine Information Disclosure Vulnerability\n * CVE-2018-0769 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0770 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0772 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0773 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0774 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0775 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0776 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0777 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0778 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0780 - Scripting Engine Information Disclosure Vulnerability\n * CVE-2018-0781 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0797 - Microsoft Word Memory Corruption Vulnerability\n * CVE-2018-0800 - Scripting Engine Information Disclosure Vulnerability\nThe following is a brief description of each vulnerability. \n \n\n\n### Multiple CVEs - Scripting Engine Memory Corruption Vulnerability\n\n \nMultiple remote code execution vulnerabilities have been discovered that affect Microsoft Edge and Internet Explorer. These vulnerabilities manifest due to Internet Explorer and Edge not properly handling objects in memory. Successful exploitation of these vulnerabilities could result in an attacker obtaining the ability to execute code within the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability or, in some cases, opens a Microsoft Office document that utilizes the browser rendering engine. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0758\n * CVE-2018-0762\n * CVE-2018-0769\n * CVE-2018-0770\n * CVE-2018-0772\n * CVE-2018-0773\n * CVE-2018-0774\n * CVE-2018-0775\n * CVE-2018-0776\n * CVE-2018-0777\n * CVE-2018-0778\n * CVE-2018-0781\n\n### Multiple CVEs - Scripting Engine Information Disclosure Vulnerability\n\n \nTwo information disclosure vulnerabilities have been discovered that affect Microsoft Edge. These vulnerabilities manifests due to Microsoft Edge not properly handling objects in memory. These vulnerabilities could be leveraged by an attacker to obtain sensitive information from an affected system. This information could then be utilized to launch additional attacks against the system. Scenarios where these vulnerabilities would like be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0767\n * CVE-2018-0780\n * CVE-2018-0800\n\n### CVE-2018-0797 - Microsoft Word Memory Corruption Vulnerability\n\n \nA remote code execution vulnerability has been discovered that affects Microsoft Office. This vulnerability manifests due to Microsoft Office failing to properly handle RTF files. Successful exploitation of this vulnerability could result in an attacker gaining the ability to execute code within the context of the current user. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page containing a specially crafted RTF file or in email-based attacks where the user opens a specially crafted file that has been received as an email attachment. \n \n\n\n## Vulnerabilities Rated Important\n\n \nMicrosoft has assigned the following vulnerabilities an Important severity rating: \n\n\n * CVE-2018-0741 - Microsoft Color Management Information Disclosure Vulnerability\n * CVE-2018-0743 - Windows Subsystem for Linux Elevation of Privilege Vulnerability\n * CVE-2018-0744 - Windows Elevation of Privilege Vulnerability\n * CVE-2018-0745 - Windows Information Disclosure Vulnerability\n * CVE-2018-0746 - Windows Information Disclosure Vulnerability\n * CVE-2018-0747 - Windows Information Disclosure Vulnerability\n * CVE-2018-0748 - Windows Elevation of Privilege Vulnerability\n * CVE-2018-0749 - SMB Server Elevation of Privilege Vulnerability\n * CVE-2018-0750 - Windows GDI Information Disclosure Vulnerability\n * CVE-2018-0751 - Windows Elevation of Privilege Vulnerability\n * CVE-2018-0752 - Windows Elevation of Privilege Vulnerability\n * CVE-2018-0753 - Windows IPSec Denial of Service Vulnerability\n * CVE-2018-0754 - ATMFD.dll Information Disclosure Vulnerability\n * CVE-2018-0764 - .NET and .NET Core Denial Of Service Vulnerability\n * CVE-2018-0766 - Microsoft Edge Information Disclosure Vulnerability\n * CVE-2018-0768 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0784 - ASP.NET Core Elevation Of Privilege Vulnerability\n * CVE-2018-0786 - .NET Security Feature Bypass Vulnerability\n * CVE-2018-0788 - ATMFD.dll Information Disclosure Vulnerability\n * CVE-2018-0789 - Microsoft Office Spoofing Vulnerability\n * CVE-2018-0790 - Microsoft Office Information Disclosure Vulnerability\n * CVE-2018-0791 - Microsoft Outlook Remote Code Execution Vulnerability\n * CVE-2018-0792 - Microsoft Word Remote Code Execution\n * CVE-2018-0793 - Microsoft Outlook Remote Code Execution\n * CVE-2018-0794 - Microsoft Word Remote Code Execution\n * CVE-2018-0795 - Microsoft Office Remote Code Execution\n * CVE-2018-0796 - Microsoft Excel Remote Code Execution\n * CVE-2018-0798 - Microsoft Word Memory Corruption Vulnerability\n * CVE-2018-0799 - Microsoft Access Tampering Vulnerability\n * CVE-2018-0801 - Microsoft Office Remote Code Execution Vulnerability\n * CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability\n * CVE-2018-0803 - Microsoft Edge Elevation of Privilege Vulnerability\n * CVE-2018-0805 - Microsoft Word Remote Code Execution Vulnerability\n * CVE-2018-0806 - Microsoft Word Remote Code Execution Vulnerability\n * CVE-2018-0807 - Microsoft Word Remote Code Execution Vulnerability\n * CVE-2018-0812 - Microsoft Word Memory Corruption Vulnerability\n * CVE-2018-0818 - Scripting Engine Security Feature Bypass\n * CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for MAC\nThe following is a brief description of each vulnerability: \n \n\n\n### CVE-2018-0741 - Microsoft Color Management Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability has been discovered affecting Microsoft Graphics Component. This vulnerability manifests due to the Color Management Module (ICM32.dll) not properly handling objects in memory. Successful exploitation of this vulnerability could provide an attacker with the information required to bypass Address Space Layout Randomization (ASLR). While this vulnerability does not provide code execution, it could make it easier to successfully exploit remote code execution vulnerabilities due to the ability of the attacker to bypass ASLR. \n \n\n\n### CVE-2018-0743 - Windows Subsystem for Linux Elevation of Privilege Vulnerability\n\n \nA privilege escalation vulnerability has been discovered affecting Windows Subsystem for Linux. This vulnerability manifests due to an integer overflow present in Windows Subsystem for Linux. Successful exploitation of this vulnerability requires an authenticated local attacker to run a specially crafted program and could allow them to execute code with elevated privileges on affected systems. \n \n\n\n### CVE-2018-0744 - Windows Elevation of Privilege Vulnerability\n\n \nA privilege escalation vulnerability has been discovered affecting the Windows Kernel. This vulnerability manifests due to the Windows kernel failing to properly handle objects in memory. Successful exploitation of this vulnerability requires an authenticated local attacker to run a specially crafted program and could allow them to execute code with elevated privileges on affected systems. \n \n\n\n### Multiple CVEs - Windows Information Disclosure Vulnerability\n\n \nMultiple information disclosure vulnerabilities have been discovered affecting Windows kernel. Successful exploitation of these vulnerability could provide an attacker information required to bypass ASLR as they allows the retrieval of the memory address of kernel objects. Exploitation of these vulnerability would require an authenticated local attacker to run a specially crafted program. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0745\n * CVE-2018-0746\n * CVE-2018-0747\n\n### Multiple CVEs - Windows Elevation of Privilege Vulnerability\n\n \nMultiple privilege escalation vulnerabilities have been discovered affecting the Windows kernel. These vulnerabilities manifests due to the Windows Kernel API failing to properly enforce permissions. Successful exploitation of these vulnerability would require an authenticated local attacker to execute a specially crafted program and could result in the attacker having the ability to impersonate processes, inject cross-process communications, or interrupt system functionality. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0748\n * CVE-2018-0751\n * CVE-2018-0752\n\n### CVE-2018-0749 - SMB Server Elevation of Privilege Vulnerability\n\n \nA privilege escalation vulnerability has been discovered affecting Windows SMB Server. This vulnerability manifests when an attacker with valid credentials to authenticate to an affected system opens a specially crafted file locally using the SMB protocol. Successful exploitation of this vulnerability could allow an attacker to bypass certain security checks. An attacker must have valid credentials and be authenticated to the affected system. \n \n\n\n### CVE-2018-0750 - Windows GDI Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability has been discovered affecting Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component improperly disclosing kernel memory addresses. Successful exploitation of this vulnerability could result in an attacker obtaining sensitive information that could be used to further attack the system. In order to exploit this vulnerability an attacker need to log on to the affected system and execute a specially crafted program. \n \n\n\n### CVE-2018-0753 - Windows IPSec Denial of Service Vulnerability\n\n \nA denial of service vulnerability has been discovered that affects IPSec. This vulnerability manifests due to Windows improperly handling objects in memory. Successful exploitation of this vulnerability could allow an attacker to cause a system to stop responding, preventing the system from being used by authorized users. \n \n\n\n### CVE-2018-0754 - ATMFD.dll Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability exists affecting Graphics Fonts. This vulnerability manifests due to the Adobe Type Manager Font Driver (ATMFD.dll) improperly handling objects in memory. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information that could be used to further attack affected systems. Scenarios where this vulnerability would likely be exploited include an attacker opening a document containing specially crafted fonts on an affected system. \n \n\n\n### CVE-2018-0764 - .NET and .NET Core Denial Of Service Vulnerability\n\n \nA denial of service vulnerability has been discovered affecting the .NET Framework. This vulnerability manifests due to .NET and .NET core improperly processing XML documents. Successful exploitation of this vulnerability could cause a denial of service in an affected .NET application. This vulnerability could be exploited by an attacker by sending specially crafted requests to a vulnerable .NET or .NET core application. \n \n\n\n### CVE-2018-0766 - Microsoft Edge Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability have been identified that affects Microsoft Edge. This vulnerability manifests due to Microsoft Edge PDF reader improperly handling objects in memory. This vulnerability could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious PDF hosted on an attacker controlled website. \n \n\n\n### CVE-2018-0768 - Scripting Engine Memory Corruption Vulnerability\n\n \nA remote code execution vulnerability have been discovered that affects Microsoft Edge and Internet Explorer. This vulnerability manifests due to Internet Explorer and Edge not properly handling objects in memory. Successful exploitation of this vulnerability could result in an attacker obtaining the ability to execute code within the context of the current user. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability. \n \n\n\n### CVE-2018-0784 - ASP.NET Core Elevation Of Privilege Vulnerability\n\n \nA vulnerability have been discovered in the ASP.NET Core that could allow a privilege escalation attack to occur. This vulnerability manifests when an ASP.NET Core web application, based on a vulnerable project template, incorrectly utilizes input without first sanitizing it. An attacker who exploits this vulnerability could perform content injection attacks and run scripts in the context of the current user. Exploitation of this vulnerability could be achieved in email-based attack scenarios or via other social engineering means where the user clicks on a specially crafted link. \n \n\n\n### CVE-2018-0786 - .NET Security Feature Bypass Vulnerability\n\n \nA security feature bypass vulnerability in the Microsoft .NET Framework and .NET Core have been identified that could allow attackers to bypass certificate validation. This vulnerability manifests in the way certificates are handled where certificates marked invalid for specific use may still be used for that purpose. \n \n\n\n### CVE-2018-0788 - OpenType Font Driver Elevation of Privilege Vulnerability\n\n \nA privilege escalation vulnerability has been discovered in the Windows Adobe OpenType Font Driver. This vulnerability manifests as a result of the library incorrectly handling objects in memory. Exploitation of this vulnerability could be achieved by running a specially crafted application that exploits this flaw. \n \n\n\n### Multiple CVEs - Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability\n\n \nTwo cross-site scripting vulnerabilities have been identified in Microsoft Sharepoint that could allow an attacker to perform a privilege escalation attack. These vulnerabilities manifest as a result of improper input sanitization for specially crafted web requests. An attacker who exploits these vulnerabilities would be able to run scripts in the context of the affected user, allowing the attacker to read content or perform actions based on that user's permission. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0789\n * CVE-2018-0790\n\n### Multiple CVEs - Microsoft Outlook Remote Code Execution Vulnerability\n\n \nTwo remote code execution vulnerabilities have been identified in Microsoft Outlook that could allow an attacker to execute arbitrary code of their choice on targeted hosts. These vulnerabilities manifest as a result of Microsoft Outlook incorrectly parsing specially crafted emails. An attacker who sends a user a specially crafted email and socially engineers them to open a specially crafted attachment in Outlook could exploit this vulnerability. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0791\n * CVE-2018-0793\n\n### Multiple CVEs - Microsoft Word Remote Code Execution Vulnerability\n\n \nMultiple arbitrary code execution vulnerabilities have been identified in Microsoft Word. These vulnerabilities manifest as a result of Microsoft Word incorrectly handing objects in memory. An attacker who exploits one of these vulnerabilities could execute arbitrary code of their choosing on targeted hosts. Scenarios where this could occur include email-based attacks or other scenarios involving social engineering where the attackers convince the user to open a specially crafted Word document. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0792\n * CVE-2018-0794\n * CVE-2018-0805\n * CVE-2018-0806\n * CVE-2018-0807\n * CVE-2018-0812\n\n### CVE-2018-0796 - Microsoft Excel Remote Code Execution Vulnerability\n\n \nAn arbitrary code execution vulnerabilty have been identified in Microsoft Excel. This vulnerability manifests as a result of Microsoft Excel incorrectly handing objects in memory. An attacker who exploits this vulnerability could execute arbitrary code of their choosing on targeted hosts. Scenarios where this could occur include email-based attacks or other scenarios involving social engineering where the attackers convince the user to open a specially crafted Excel spreadsheet. \n \n\n\n### Multiple CVEs - Microsoft Office Memory Corruption Vulnerability\n\n \nMultiple arbitrary code execution vulnerabilities have been identified in Microsoft Office. These vulnerabilities manifest as a result of Microsoft Office incorrectly handing objects in memory. An attacker who exploits one of these vulnerabilities could execute arbitrary code of their choosing on targeted hosts. Scenarios where this could occur include email-based attacks or other scenarios involving social engineering where the attackers convince the user to open a specially crafted Office file. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0795\n * CVE-2018-0798\n * CVE-2018-0801\n * CVE-2018-0802\n\n### CVE-2018-0799 - Microsoft Access Tampering Vulnerability\n\n \nA cross-site scripting vulnerability has been identified in Microsoft Access. This vulnerability manifests as a result of Microsoft Access incorrectly handling and sanitizing inputs to image fields editing within Design view. An attacker who exploits this vulnerability could execute arbitrary JavaScript in the context of the current user. An attacker could then read content or perform actions on behalf on the user on a remote site. Exploitation of this vulnerability could be achieved by opening a specially crafted Access file. \n \n\n\n### CVE-2018-0803 - Microsoft Edge Elevation of Privilege Vulnerability\n\n \nA vulnerability in Microsoft Edge has been identified that could result in privilege escalation if exploited. This vulnerability manifests as a result of Edge incorrectly enforcing cross-domain policies. Successful exploitation could result in a user obtaining elevated privileges. \n \n\n\n### CVE-2018-0818 - Scripting Engine Security Feature Bypass\n\n \nA security feature bypass vulnerability has been identified in Microsoft Chakra that could allow an attacker to bypass Control Flow Guard. An attacker could exploit this vulnerability by creating a specially crafted web page designed to exploit this vulnerability and convincing a user to visit the web page. \n \n\n\n### CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for Mac\n\n \nA spoofing vulnerability in Microsoft Outlook for Mac has been discovered and manifests as a result of Outlook for Mac incorrectly handling the encoding and display of email addresses. As a result, antivirus and anti-spam scanning may not work as intended. \n \n\n\n## Vulnerabilities Rated Moderate\n\n \nMicrosoft has assigned the following vulnerabilities an Moderate severity rating: \n\n\n * CVE-2018-0785 - ASP.NET Core Cross Site Request Forgery Vulnerability\nThe following is a brief description of this vulnerability: \n \n\n\n### CVE-2018-0785 - ASP.NET Core Cross Site Request Forgery Vulnerability\n\n \nA Cross Site Request Forgery (CSRF) vulnerability has been discovered affecting ASP.NET Core web applications that were created using vulnerable project templates. Successful exploitation of this vulnerability could allow an attacker to modify recovery codes associated with accounts to which the attacker should not have access to, resulting in the user being locked out of their account in situations where the user attempts to access their account after losing their 2FA device. \n \n\n\n## Coverage\n\n \nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort Rules: \n \n\n\n * 45374-45379\n * 45383-45384\n * 45387-45392\n * 45395-45396\n * 45402-45403\n \n \n\n\n[![](http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA)](<http://feeds.feedburner.com/~ff/feedburner/Talos?a=QkeaslD_R34:qiw230obZhU:yIl2AUoC8zA>)\n\n![](http://feeds.feedburner.com/~r/feedburner/Talos/~4/QkeaslD_R34)", "cvss3": {}, "published": "2018-01-09T13:36:00", "type": "talosblog", "title": "Microsoft Patch Tuesday - January 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-0741", "CVE-2018-0743", "CVE-2018-0744", "CVE-2018-0745", "CVE-2018-0746", "CVE-2018-0747", "CVE-2018-0748", "CVE-2018-0749", "CVE-2018-0750", "CVE-2018-0751", "CVE-2018-0752", "CVE-2018-0753", "CVE-2018-0754", "CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0764", "CVE-2018-0766", "CVE-2018-0767", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0780", "CVE-2018-0781", "CVE-2018-0784", "CVE-2018-0785", "CVE-2018-0786", "CVE-2018-0788", "CVE-2018-0789", "CVE-2018-0790", "CVE-2018-0791", "CVE-2018-0792", "CVE-2018-0793", "CVE-2018-0794", "CVE-2018-0795", "CVE-2018-0796", "CVE-2018-0797", "CVE-2018-0798", "CVE-2018-0799", "CVE-2018-0800", "CVE-2018-0801", "CVE-2018-0802", "CVE-2018-0803", "CVE-2018-0805", "CVE-2018-0806", "CVE-2018-0807", "CVE-2018-0812", "CVE-2018-0818", "CVE-2018-0819"], "modified": "2018-01-09T21:36:54", "id": "TALOSBLOG:EC1B279A70AF41A51CBB4EB4722EFA46", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/QkeaslD_R34/ms-tuesday.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2018-01-26T09:59:23", "description": "![](https://blog.trendmicro.com/wp-content/uploads/2017/08/TippingPoint-300x205.jpg)\n\nLast week, three interesting vulnerabilities popped up on the news and security feeds. Researchers disclosed CVE-2017-5753 and CVE-2017-5715, collectively known as Spectre, and CVE-2017-5754, known as Meltdown. These vulnerabilities take advantage of \u201cspeculative execution\u201d of instructions performed by many modern microprocessors and can potentially allow an unprivileged attacker to read privileged memory allocated to the operating system kernel resulting in unintended information disclosure.\n\nIn order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Trend Micro\u2019s TippingPoint devices are closed systems that only allow our trusted code to be executed. The underlying CPU and OS combination in the TippingPoint devices may be affected by these vulnerabilities; however, because our systems are closed with an inability to run arbitrary code, there is no vector to exploit. As of the writing of this blog, there are no known attacks that impact TippingPoint products. Our team will continue to monitor the situation and inform our customers of any updates.\n\nOn January 5, 2018, we released DV filter 30191 outside of our normal schedule to provide protection against a published remote JavaScript exploit of the Spectre vulnerability. Our team will continue to monitor the situation and will release additional filters as needed. Customers with concerns or further questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). If you have other Trend Micro solutions, you can visit [Trend Micro Business Support](<https://success.trendmicro.com/solution/1119183-important-information-for-trend-micro-solutions-and-microsoft-january-2018-security-updates>) to get additional information.\n\n**TippingPoint Product Updates**\n\nEarlier this week, we released the following new releases for TippingPoint products:\n\n__Security Management System (SMS) Patches__\n\nThe following patches include minor enhancements, bug fixes and address security issues:\n\n**SMS Version** | **Patch** | **Software** \n---|---|--- \nSMS v4.4.0 | 2 | SMS_Patch-4.4.0.57192.2.pkg \nSMS v4.5.0 | 1 | SMS_Patch-4.5.0.98012.1.pkg \nSMS v4.6.0 | 1 | SMS_Patch-4.6.0.101914.1.pkg \nSMS v5.0.0 | 1 | SMS_Patch-5.0.0.106258.1.pkg \n \n \n\n__TippingPoint Operating System (TOS) v5.0.1 for Threat Protection System (TPS)__\n\nVersion 5.0.1 build 4821 has been released for the TPS family (vTPS, 440T, 2200T, 8200TX, 8400TX) of devices.\n\nTOS version 5.0.1.4821 will be released to manufacturing on March 31, 2018. All TPS family hardware appliances (440T, 2200T, 8200TX, 8400TX) will be manufactured with 5.0.1.4821 as January 9, 2018. This TOS release improves the overall security of the TPS and vTPS security devices, and resolves a number of issues.\n\nFor the complete list of enhancements and changes, customers can refer to the product release notes located on the [Threat Management Center (TMC) website](<https://tmc.tippingpoint.com/>) or contact the TippingPoint Technical Assistance Center (TAC) for questions or technical assistance.\n\n**Microsoft Updates**\n\nDue to the Meltdown and Spectre vulnerabilities, Microsoft issued an out-of-band update. The following table maps Digital Vaccine filters to the Microsoft updates issued on January 3, 2018:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0741 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0743 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0744 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0745 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0746 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0747 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0748 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0749 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0750 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0751 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0752 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0753 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0754 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0758 | 30160 | \nCVE-2018-0762 | 30167 | \nCVE-2018-0766 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0767 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0768 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0769 | 30168 | \nCVE-2018-0770 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0772 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0773 | 30169 | \nCVE-2018-0774 | 30185 | \nCVE-2018-0775 | 30186 | \nCVE-2018-0776 | 30164 | \nCVE-2018-0777 | 30162 | \nCVE-2018-0778 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0780 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0781 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0788 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0800 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0803 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0818 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before January 9, 2018. Security patches were released by Microsoft covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows, Microsoft Office, ASP.NET, and the .NET Framework. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [January 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/1/9/the-january-2018-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0764 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0784 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0785 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0786 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0789 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0790 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0791 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0792 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0793 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0794 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0795 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0796 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0797 | 30163 | \nCVE-2018-0798 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0799 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0801 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0802 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0804 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0805 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0806 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0807 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0812 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0819 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package also includes coverage for Adobe updates released on or before January 9, 2018. The following table maps Digital Vaccine filters to the Adobe updates.\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB18-01 | CVE-2018-4871 | 30201 | \n \n \n\n**Zero-Day Filters**\n\nThere are five new zero-day filters covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Adobe (5)_**\n\n| \n\n * 29948: ZDI-CAN-5154: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29962: ZDI-CAN-5210: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29967: ZDI-CAN-5223: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29971: ZDI-CAN-5227: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29973: ZDI-CAN-5239: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-1-2018/>).", "cvss3": {}, "published": "2018-01-12T15:09:44", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of January 8, 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-0741", "CVE-2018-0743", "CVE-2018-0744", "CVE-2018-0745", "CVE-2018-0746", "CVE-2018-0747", "CVE-2018-0748", "CVE-2018-0749", "CVE-2018-0750", "CVE-2018-0751", "CVE-2018-0752", "CVE-2018-0753", "CVE-2018-0754", "CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0764", "CVE-2018-0766", "CVE-2018-0767", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0780", "CVE-2018-0781", "CVE-2018-0784", "CVE-2018-0785", "CVE-2018-0786", "CVE-2018-0788", "CVE-2018-0789", "CVE-2018-0790", "CVE-2018-0791", "CVE-2018-0792", "CVE-2018-0793", "CVE-2018-0794", "CVE-2018-0795", "CVE-2018-0796", "CVE-2018-0797", "CVE-2018-0798", "CVE-2018-0799", "CVE-2018-0800", "CVE-2018-0801", "CVE-2018-0802", "CVE-2018-0803", "CVE-2018-0804", "CVE-2018-0805", "CVE-2018-0806", "CVE-2018-0807", "CVE-2018-0812", "CVE-2018-0818", "CVE-2018-0819", "CVE-2018-4871"], "modified": "2018-01-12T15:09:44", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-8-2018/", "id": "TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}