CVE-2018-0825 — Corporation Structuredquery vulnerability

15 documents7 sources

Severity

7.5HIGHNVD

EPSS

35.8%

top 2.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

19

Microsoft Corporation Structuredquery Microsoft Windows 10 Microsoft Windows Server +16 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka "StructuredQuery Remote Code Execution Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages18 packages

▶msrcmsrc/windows_server_version_1709

▶msrcmsrc/windows_server_2008

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2008_r2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

1

GHSA

GHSA-c4qg-xp59-6j7v: StructuredQuery in Windows 7 SP1, Windows 8↗2022-05-13

▶

📋Vendor Advisories

1

Microsoft

StructuredQuery Remote Code Execution Vulnerability↗2018-02-13

▶

🕵️Threat Intelligence

12

Qualys

Olympics, Patch Tuesday & Meltdown/Spectre | Qualys↗2018-02-16

▶

Qualys

Hackers Hit the Olympics, While Patch Tuesday and Meltdown / Spectre Keep IT Departments On Edge↗2018-02-16

▶

Trendmicro

February Patch Tuesday Fixes Privilege Escalation Bugs↗2018-02-14

▶

Trendmicro

February Patch Tuesday Fixes Privilege Escalation Bugs↗2018-02-14

▶

Trendmicro

February Patch Tuesday Fixes Privilege Escalation Bugs↗2018-02-14

▶

CVE-2018-0825 — HIGH severity | cvebase