CVE-2018-0978
Published 2018-06-14
CVE-2018-0978: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption…
Priority: P274, high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 14.74% (96.3th percentile)
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| msrc | internet_explorer_10 | — | — |
| msrc | internet_explorer_11 | — | — |
| msrc | internet_explorer_9 | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability is triggered when Internet Explorer improperly accesses objects in memory via a specially crafted website; monitor for IE11 process memory corruption events
- Attack vector is web-based; attacker hosts or compromises a website to serve malicious content to IE users — monitor for suspicious IE11 navigations to newly registered or low-reputation domains
- Initial delivery may be via email or instant message lures, or malicious email attachments — monitor for IE11 launching from email clients or document readers
- Scope is limited to Internet Explorer 11; ensure detection rules target iexplore.exe process specifically
- Exploit status at time of advisory was not publicly disclosed or actively exploited, reducing immediate urgency but not eliminating risk
- CVE-2018-0978 is a distinct vulnerability from CVE-2018-8249 despite both being IE Memory Corruption RCEs — do not conflate detection signatures between the two
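CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.5 | HIGH | |
| vendor_msrc | | 2.4 | LOW | |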
Microsoft
Internet Explorer Memory Corruption Vulnerability
vendor_msrc·2018-06-12·CVSS 2.4
CVE-2018-0978 [HIGH] Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to vie
GHSA
GHSA-p8c3-62q4-47vg: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-0978 [HIGH] CWE-787 GHSA-p8c3-62q4-47vg: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249.
GHSA
GHSA-xgg3-c4wr-66h2: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-8249 [HIGH] CWE-787 GHSA-xgg3-c4wr-66h2: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0978.
VulnCheck
Microsoft Internet Explorer Out-of-bounds Write
vulncheck·2018·CVSS 7.5
CVE-2018-0978 [HIGH] Microsoft Internet Explorer Out-of-bounds Write
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249.
Affected: Microsoft Internet Explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://research.checkpoint.com/2020/rudeminer-blacksquid-and-lucifer-walk-into-a-bar/
No detection rules found.
No public exploits indexed.
Checkpoint
Rudeminer, Blacksquid and Lucifer Walk Into A Bar
blogs_checkpoint·2020-09-15·CVSS 9.8
CVE-2018-10561 [CRITICAL] Rudeminer, Blacksquid and Lucifer Walk Into A Bar
## Rudeminer, Blacksquid and Lucifer Walk Into A Bar
Research by David Driker, Amir Landau
Background
Lucifer is a Windows crypto miner and DDOS hybrid malware. Three months ago, researcher
Talos
Microsoft Patch Tuesday - June 2018
blogs_talos·2018-06-12·CVSS 8.1
[HIGH] Microsoft Patch Tuesday - June 2018
## Executive Summary
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 50 flaws, with 11 of them rated "critical," and 39 rated "important." These vulnerabilities impact Microsoft Edge, Internet Explorer, Chakra Scripting Engine, Windows DNSAPI, Microsoft Office, Windows Kernel and more.
In addition to the 50 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180014, the June 2018 Adobe Flash Security Update, which addresses the vulnerabilities described in the security bulletin.
### Critical vulnerabilities
This month, Microsoft is addressing 11 vulnerabilities that are rated "critical." Talos believes these three vu
- http://www.securityfocus.com/bid/104364
- http://www.securitytracker.com/id/1041099
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0978
2018-06-14: Published
Exploited in the wild