CVE-2018-0967
published 2018-04-12CVE-2018-0967: A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service…
PriorityP334medium5.3CVSS 3.0
AVNACHPRLUINSUCNINAH
EPSS
18.68%
96.9th percentile
A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1703 | — | — |
| msrc | windows_10_version_1709 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_version_1709 | — | — |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv2.06.3MEDIUMAV:N/AC:M/Au:S/C:N/I:N/A:C
vendor_msrc5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows SNMP Service Denial of Service Vulnerability
vendor_msrc·2018-04-10·CVSS 5.3
CVE-2018-0967 [MEDIUM] Windows SNMP Service Denial of Service Vulnerability
Windows SNMP Service Denial of Service Vulnerability
Description: A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps.
An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources.
The security update addresses the vulnerability by correcting how Windows SNMP Service processes SNMP traps.
Microsoft Windows: Microsoft Windows
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploit
GHSA
GHSA-842r-jxj9-99xj: A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Servic
ghsa_unreviewed·2022-05-13
CVE-2018-0967 [MEDIUM] GHSA-842r-jxj9-99xj: A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Servic
A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
No detection rules found.
No public exploits indexed.
Trendmicro
July Patch Tuesday: Large Adobe Security Update
blogs_trendmicro·2018-07-11·CVSS 5.3
CVE-2018-8280 [MEDIUM] July Patch Tuesday: Large Adobe Security Update
Exploits & Vulnerabilities
## July Patch Tuesday: Large Adobe Security Update
Patch Tuesday for July addresses 53 Microsoft and 107 Adobe vulnerabilities.
By: Trend Micro 2018/07/11 Read time: ( words)
Save to Folio
July’s Patch Tuesday addresses 53 vulnerabilities, including 18 critical ones, most of which involve Microsoft’s browsers. These include CVE-2018-8280 , CVE-2018-8286 , CVE-2018-8290 , CVE-2018-8294 , and CVE-2018-8298 , all of which are corruption bugs in the Chakra Javascript Engine that exist in the way it handles objects in memory in Microsoft Edge. An attacker could then use a specially crafted website that could potentially provide administrative rights to the perpetrator.
CVE-2018-8304 , a Windows DNSAPI Denial of Service Vulnerability, is another noteworthy vulner
Trendmicro
July Patch Tuesday: Large Adobe Security Update
blogs_trendmicro·2018-07-11·CVSS 5.3
CVE-2018-8280 [MEDIUM] July Patch Tuesday: Large Adobe Security Update
Exploits y vulnerabilidades
## July Patch Tuesday: Large Adobe Security Update
Patch Tuesday for July addresses 53 Microsoft and 107 Adobe vulnerabilities.
By: Trend Micro Jul 11, 2018 Read time: ( words)
Save to Folio
July’s Patch Tuesday addresses 53 vulnerabilities, including 18 critical ones, most of which involve Microsoft’s browsers. These include CVE-2018-8280 , CVE-2018-8286 , CVE-2018-8290 , CVE-2018-8294 , and CVE-2018-8298 , all of which are corruption bugs in the Chakra Javascript Engine that exist in the way it handles objects in memory in Microsoft Edge. An attacker could then use a specially crafted website that could potentially provide administrative rights to the perpetrator.
CVE-2018-8304 , a Windows DNSAPI Denial of Service Vulnerability, is another noteworthy vul
Trendmicro
July Patch Tuesday: Large Adobe Security Update
blogs_trendmicro·2018-07-11·CVSS 5.3
CVE-2018-8280 [MEDIUM] July Patch Tuesday: Large Adobe Security Update
Exploits & Vulnerabilities
## July Patch Tuesday: Large Adobe Security Update
Patch Tuesday for July addresses 53 Microsoft and 107 Adobe vulnerabilities.
By: Trend Micro Jul 11, 2018 Read time: ( words)
Save to Folio
July’s Patch Tuesday addresses 53 vulnerabilities, including 18 critical ones, most of which involve Microsoft’s browsers. These include CVE-2018-8280 , CVE-2018-8286 , CVE-2018-8290 , CVE-2018-8294 , and CVE-2018-8298 , all of which are corruption bugs in the Chakra Javascript Engine that exist in the way it handles objects in memory in Microsoft Edge. An attacker could then use a specially crafted website that could potentially provide administrative rights to the perpetrator.
CVE-2018-8304 , a Windows DNSAPI Denial of Service Vulnerability, is another noteworthy vuln
Trendmicro
July Patch Tuesday: Large Adobe Security Update
blogs_trendmicro·2018-07-11·CVSS 5.3
CVE-2018-8280 [MEDIUM] July Patch Tuesday: Large Adobe Security Update
Ausnutzung von Schwachstellen
## July Patch Tuesday: Large Adobe Security Update
Patch Tuesday for July addresses 53 Microsoft and 107 Adobe vulnerabilities.
By: Trend Micro Jul 11, 2018 Read time: ( words)
Save to Folio
July’s Patch Tuesday addresses 53 vulnerabilities, including 18 critical ones, most of which involve Microsoft’s browsers. These include CVE-2018-8280 , CVE-2018-8286 , CVE-2018-8290 , CVE-2018-8294 , and CVE-2018-8298 , all of which are corruption bugs in the Chakra Javascript Engine that exist in the way it handles objects in memory in Microsoft Edge. An attacker could then use a specially crafted website that could potentially provide administrative rights to the perpetrator.
CVE-2018-8304 , a Windows DNSAPI Denial of Service Vulnerability, is another noteworthy v
Trendmicro
July Patch Tuesday: Large Adobe Security Update
blogs_trendmicro·2018-07-11·CVSS 5.3
CVE-2018-8280 [MEDIUM] July Patch Tuesday: Large Adobe Security Update
Exploits & Vulnerabilities
# July Patch Tuesday: Large Adobe Security Update
Patch Tuesday for July addresses 53 Microsoft and 107 Adobe vulnerabilities.
By: Trend Micro
2018/07/11
Read time: ( words)
Save to Folio
July’s Patch Tuesday addresses 53 vulnerabilities, including 18 critical ones, most of which involve Microsoft’s browsers. These include CVE-2018-8280, CVE-2018-8286, CVE-2018-8290, CVE-2018-8294, and CVE-2018-8298, all of which are corruption bugs in the Chakra Javascript Engine that exist in the way it handles objects in memory in Microsoft Edge. An attacker could then use a specially crafted website that could potentially provide administrative rights to the perpetrator.
CVE-2018-8304, a Windows DNSAPI Denial of Service Vulnerability, is another noteworthy vulnerabilit
Talos
Microsoft Patch Tuesday - April 2018
blogs_talos·2018-04-10·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - April 2018
## Microsoft Patch Tuesday - April 2018
## Microsoft Patch Tuesday - April 2018 Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 65 new vulnerabilities and one advisory, with 25 of them rated critical, 39 of them rated important and one of them rated moderate. These vulnerabilities impact Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Windows kernel, Windows Hyper-V, Microsoft Scripting Engine and more.
In addition, an update for Adobe Flash Player was released.
## Critical Vulnerabilities This month, Microsoft is addressing 25 vulnerabilities that are rated "critical".
The vulnerabilities rated as "critical" are listed be
Talos
Microsoft Patch Tuesday - April 2018
blogs_talos·2018-04-10·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - April 2018
## Microsoft Patch Tuesday - April 2018Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 65 new vulnerabilities and one advisory, with 25 of them rated critical, 39 of them rated important and one of them rated moderate. These vulnerabilities impact Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Windows kernel, Windows Hyper-V, Microsoft Scripting Engine and more.
In addition, an update for Adobe Flash Player was released.
### Critical VulnerabilitiesThis month, Microsoft is addressing 25 vulnerabilities that are rated "critical".
The vulnerabilities rated as "critical" are listed below:
CVE-2018-0870 - Internet Explorer Me
http://www.securityfocus.com/bid/103652http://www.securitytracker.com/id/1040659https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0967http://www.securityfocus.com/bid/103652http://www.securitytracker.com/id/1040659https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0967
2018-04-12
Published