CVE-2018-12589
Published 2018-06-28
CVE-2018-12589: Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
Priority: P354, high, 7.8 (CVSS 3.0)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 20.31% (97.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| polarisoffice | polaris_office_2017 | — | — |
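CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |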
Suricata
ET NETBIOS PolarisOffice Insecure Library Loading - SMB ASCII
suricata·2018-07-06
Rule: alert tcp $HOME_NET [445,139] -> any any (msg:"ET NETBIOS PolarisOffice Insecure Library Loading - SMB ASCII"; flow:from_server; content:"SMB"; offset:4; depth:5; byte_test:1,!&,0x80,7,relative; content:"puiframeworkproresenu|2E|dll"; nocase; distance:0; fast_pattern; reference:cve,2018-12589; reference:url,exploit-db.com/exploits/44985; classtype:attempted-user; sid:2025790; rev:2; metadata:attack_target Client_Endpoint, created_at 2018_07_06, cve CVE_2018_12589, deployment Perimeter, signature_severity Informational, updated_at 2021_09_09;)
Suricata
ET WEB_CLIENT PolarisOffice Insecure Library Loading
suricata·2018-07-06
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT PolarisOffice Insecure Library Loading"; flow:to_server; http.method; content:"GET"; http.uri; content:"puiframeworkproresenu.dll"; endswith; reference:cve,2018-12589; classtype:attempted-user; sid:2025792; rev:3; metadata:attack_target Client_Endpoint, created_at 2018_07_06, cve CVE_2018_12589, deployment Perimeter, signature_severity Minor, updated_at 2020_09_16;)
Suricata
ET NETBIOS PolarisOffice Insecure Library Loading - SMB Unicode
suricata·2018-07-06
Rule: alert tcp $HOME_NET [445,139] -> any any (msg:"ET NETBIOS PolarisOffice Insecure Library Loading - SMB Unicode"; flow:from_server; content:"SMB"; offset:4; depth:5; byte_test:1,&,0x80,7,relative; content:"p|00|u|00|i|00|f|00|r|00|a|00|m|00|e|00|w|00|o|00|r|00|k|00|p|00|r|00|o|00|r|00|e|00|s|00|e|00|n|00|u|00 2E 00|d|00|l|00|l|00|"; nocase; distance:0; reference:cve,2018-12589; reference:url,exploit-db.com/exploits/44985; classtype:attempted-user; sid:2025791; rev:2; metadata:attack_target Client_Endpoint, created_at 2018_07_06, cve CVE_2018_12589, deployment Perimeter, signature_severity Informational, updated_at 2021_09_09;)
No writeups or analysis indexed.
Published: 2018-06-28