CVE-2018-8333

An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows...

CVE-2018-8497

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers...

Microsoft Windows Graphics Component Information Disclosure Vulnerability (CNVD-2018-20734)

Microsoft Windows Server 2008 SP2 and others are products of Microsoft Corporation.Microsoft Windows Server 2008 SP2 is a set of operating systems used by servers.PowerPoint Viewer 2007 is a presentation handling program. Graphics Components is one of the graphics components. An information...

Microsoft Windows Codecs Library Information Disclosure Vulnerability

An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. Exploitation of the vulnerability requires that a...

CVE-2018-8443

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows...

CVE-2018-8442

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows...

Information disclosure

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge...

CVE-2018-8331

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office...

Microsoft Windows DirectX Graphics Kernel Local Elevation of Privilege Vulnerability (CNVD-2018-21208)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. DirectX Graphics Kernel is one of the graphics kernel drivers. A security vulnerability in the Microsoft Windows DirectX Graphics DXGKRNL driver's handling of memory objects allows remote attackers to...

Microsoft Windows Kernel Local Information Disclosure Vulnerability (CNVD-2019-00348)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the Windows system kernels. An information disclosure vulnerability exists in Microsoft Windows kernel, which arises from a program's failure to properly handle...

CVE-2018-8405

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 1...

CVE-2018-8341

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows...

CVE-2018-8406

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from...

Microsoft Edge Memory Corruption Vulnerability

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

DirectX Graphics Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to...

Microsoft Windows Denial of Service Vulnerability (CNVD-2018-15860)

Microsoft Windows 7, etc. are operating systems released by Microsoft Corporation in the U.S. Microsoft Windows 7 is a set of operating systems for personal computers.Windows Server 2012 R2 is a set of server operating systems. A denial of service vulnerability exists in Microsoft Windows, which...

Microsoft Edge Information Disclosure Vulnerability (CNVD-2018-12880)

Edge is Microsoft's browser for Windows 10. Microsoft Edge suffers from an information disclosure vulnerability. The vulnerability stems from Microsoft Edge failing to properly handle objects in memory. An attacker could exploit the vulnerability to obtain information that could further compromis...

Microsoft Windows Multiple Vulnerabilities (KB4338815)

This host is missing a critical security update according to Microsoft KB4338815 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Delving deep into VBScript

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that was picked up by our sandbox. The vulnerability uses a well-known technique from the proof-of-concept exploit CVE-2014-6332 that essentially "corrupts" two memory objects and...

CVE-2018-8207

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows...