Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiSimon Zuckerbraun of Trend Micro Zero Day InitiativeZDI-18-1130
HistoryOct 10, 2018 - 12:00 a.m.

Microsoft Windows VBScript Class_Terminate MSXML6 Use-After-Free Remote Code Execution Vulnerability

2018-10-1000:00:00
Simon Zuckerbraun of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
10

EPSS

0.131

Percentile

95.6%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Class_Terminate methods when used together with MSXML6. By performing actions in VBScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process.

Related

zdi 1
nvd 1
mscve 1
prion 1
mskb 14
cvelist 1
checkpoint_advisories 1
symantec 1
cve 1
nessus 9
kaspersky 2
openvas 7
talosblog 1
zdi
zdi
Microsoft Windows VBScript Class_Terminate MSXML3 Use-After-Free Remote Code Execution Vulnerability
2018-09-14 00:00:00
nvd
nvd
CVE-2018-8420
2018-09-13 00:29:02
mscve
mscve
MS XML Remote Code Execution Vulnerability
2018-09-11 07:00:00
prion
prion
Remote code execution
2018-09-13 00:29:00
mskb
mskb
Description of the security update for the remote code execution vulnerability in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: September 11, 2018
2018-09-11 00:00:00
September 11, 2018—KB4457140 (Security-only update)
2018-09-11 07:00:00
September 11, 2018—KB4457145 (Security-only update)
2018-09-11 07:00:00
cvelist
cvelist
CVE-2018-8420
2018-09-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft MS XML Remote Code Execution (CVE-2018-8420)
2018-09-11 00:00:00
symantec
symantec
Microsoft Windows XML Core Services MSXML parser CVE-2018-8420 Remote Code Execution Vulnerability
2018-09-11 00:00:00
cve
cve
CVE-2018-8420
2018-09-13 00:29:02
nessus
nessus
KB4457984: Windows Server 2008 September 2018 Security Update
2018-09-11 00:00:00
KB4457140: Windows Server 2012 September 2018 Security Update
2018-09-11 00:00:00
KB4457145: Windows 7 and Windows Server 2008 R2 September 2018 Security Update
2018-09-11 00:00:00
kaspersky
kaspersky
KLA11890 Multiple vulnerabilities in Microsoft Products (ESU)
2018-09-11 00:00:00
KLA11316 Multiple vulnerabilities in Microsoft Windows
2018-09-11 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4457144)
2018-09-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4457129)
2018-09-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4457132)
2018-09-12 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - September 2018
2018-09-11 11:56:00

EPSS

0.131

Percentile

95.6%

JSON
Related for ZDI-18-1130
zdi1nvd1mscve1prion1mskb14cvelist1checkpoint_advisories1symantec1cve1nessus9kaspersky2openvas7talosblog1