Lucene search
Lucas Leong (@wmliang)ZDI-18-940HistoryAug 14, 2018 - 12:00 a.m.
Microsoft Windows LNK File Uninitialized Pointer Information Disclosure Vulnerability
2018-08-1400:00:00
Lucas Leong (@wmliang)
www.zerodayinitiative.com
14
0.202 Low
EPSS
Percentile
96.4%
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in a .LNK file can trigger access to a pointer prior to initialization. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current user.
Related
mscve
mscve
LNK Remote Code Execution Vulnerability
2018-08-14 07:00:00
cvelist
cvelist
CVE-2018-8345
2018-08-15 17:00:00
CVE-2018-8346
2018-08-15 17:00:00
nvd
nvd
CVE-2018-8345
2018-08-15 17:29:04
CVE-2018-8346
2018-08-15 17:29:04
cve
cve
CVE-2018-8346
2018-08-15 17:29:04
CVE-2018-8345
2018-08-15 17:29:04
mskb
mskb
Description of the security update for the remote code execution vulnerability in Windows Server 2008: August 14, 2018
2018-08-14 07:00:00
August 14, 2018âKB4343899 (Security-only update)
2018-08-14 07:00:00
August 14, 2018âKB4343900 (Monthly Rollup)
2018-08-14 07:00:00
prion
prion
Remote code execution
2018-08-15 17:29:00
Remote code execution
2018-08-15 17:29:00
nessus
nessus
kaspersky
kaspersky
KLA11789 Multiple vulnerabilities in Microsoft Products (ESU)
2018-08-14 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4343900)
2018-08-15 00:00:00
talosblog
talosblog
Microsoft Tuesday August 2018
2018-08-14 11:26:00