Lucene search
Elliot Cao of Trend Micro Security ResearchZDI-18-953HistoryAug 14, 2018 - 12:00 a.m.
Microsoft Windows VBScript Array Use-After-Free Remote Code Execution Vulnerability
2018-08-1400:00:00
Elliot Cao of Trend Micro Security Research
www.zerodayinitiative.com
18
0.922 High
EPSS
Percentile
99.0%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arrays. By performing actions in script, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
cisa_kev
cisa_kev
Microsoft Scripting Engine Memory Corruption Vulnerability
2022-03-25 00:00:00
symantec
symantec
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2018-08-14 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows VBScript Engine Remote Code Execution (CVE-2018-8373)
2018-08-21 00:00:00
myhack58
myhack58
malwarebytes
malwarebytes
A week in security (September 24 β 30)
2018-10-01 16:44:20
googleprojectzero
googleprojectzero
On VBScript
2018-12-19 00:00:00
threatpost
threatpost
Darkhotel Exploits Microsoft Zero-Day VBScript Flaw
2018-08-20 16:39:26
Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup
2018-08-14 20:42:41
krebs
krebs
Patch Tuesday, August 2018 Edition
2018-08-15 14:52:21
qualysblog
qualysblog
securelist
securelist
IT threat evolution Q3 2018. Statistics
2018-11-12 10:00:55
thn
thn
Microsoft Releases Patches for 60 FlawsβTwo Under Active Attack
2018-08-14 18:32:00
cve
cve
prion
prion
Remote code execution
2018-08-15 17:29:00
Remote code execution
2018-08-15 17:29:00
Remote code execution
2018-08-15 17:29:00
osv
osv
CVE-2018-8385
2018-08-15 17:29:08
ChakraCore RCE Vulnerability
2022-05-13 01:20:51
CVE-2018-8390
2018-08-15 17:29:08
cvelist
cvelist
nvd
nvd
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:20:49
ChakraCore RCE Vulnerability
2022-05-13 01:20:51
ChakraCore RCE Vulnerability
2022-05-13 01:20:49
attackerkb
attackerkb
veracode
veracode
Remote Code Execution (RCE)
2018-08-16 09:38:32
mskb
mskb
Cumulative security update for Internet Explorer: August 14, 2018
2018-08-14 07:00:00
August 14, 2018βKB4343901 (Monthly Rollup)
2018-08-14 07:00:00
August 14, 2018βKB4343898 (Monthly Rollup)
2018-08-14 07:00:00
nessus
nessus
Security Updates for Internet Explorer (August 2018)
2018-08-14 00:00:00
KB4343896: Windows Server 2012 August 2018 Security Update (Foreshadow)
2018-08-14 00:00:00
kaspersky
kaspersky
KLA11789 Multiple vulnerabilities in Microsoft Products (ESU)
2018-08-14 00:00:00
KLA11306 Multiple vulnerabilities in Microsoft Browsers
2018-08-14 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4343898)
2018-08-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4343900)
2018-08-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4343892)
2018-08-15 00:00:00
talosblog
talosblog
Microsoft Tuesday August 2018
2018-08-14 11:26:00