CVE-2018-8350
published 2018-08-15CVE-2018-8350: A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution…
PriorityP357high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
18.59%
96.9th percentile
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_servers | — | — |
| microsoft | windows_10_servers | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| msrc | windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | windows_10_version_1709_for_32-bit_systems | — | — |
| msrc | windows_10_version_1709_for_x64-based_systems | — | — |
| msrc | windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | windows_server_version_1709 | — | — |
| msrc | windows_server_version_1803 | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc4.2MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows PDF Remote Code Execution Vulnerability
vendor_msrc·2018-08-14·CVSS 4.2
CVE-2018-8350 [HIGH] Windows PDF Remote Code Execution Vulnerability
Windows PDF Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit the vulnerability on Windows 10 systems with Microsoft Edge set as the default browser, an attacker could host a specially craf
GHSA
GHSA-5x4c-mvw4-g6hr: A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Exe
ghsa_unreviewed·2022-05-13
CVE-2018-8350 [HIGH] GHSA-5x4c-mvw4-g6hr: A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Exe
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Tuesday August 2018
blogs_talos·2018-08-14·CVSS 9.8
[CRITICAL] Microsoft Tuesday August 2018
## Microsoft Tuesday August 2018
Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 62 new vulnerabilities, 20 of which are rated “critical,” 38 that are rated “important,” one that is rated moderate and one that is rated as low severity. These vulnerabilities impact Windows Operating System, Edge and Internet Explorer, along with several other products.
In addition to the 60 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180020 which addresses the vulnerabilities described in the Adobe Flash Security Bulletin APSB18-25.
## Critical Vulnerabilities
This month, Microsoft is addressing 20 vulnerabilities that a
Talos
Microsoft Tuesday August 2018
blogs_talos·2018-08-14·CVSS 9.8
[CRITICAL] Microsoft Tuesday August 2018
Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 62 new vulnerabilities, 20 of which are rated “critical,” 38 that are rated “important,” one that is rated moderate and one that is rated as low severity. These vulnerabilities impact Windows Operating System, Edge and Internet Explorer, along with several other products.
In addition to the 60 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180020 which addresses the vulnerabilities described in the Adobe Flash Security Bulletin APSB18-25.
### Critical Vulnerabilities
This month, Microsoft is addressing 20 vulnerabilities that are rated "critical." Talos believ
http://www.securityfocus.com/bid/104985http://www.securitytracker.com/id/1041465https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8350http://www.securityfocus.com/bid/104985http://www.securitytracker.com/id/1041465https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8350
2018-08-15
Published