CVE-2018-8373
Published: 2018-08-15
Priority: P181, high; 7.5 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2022-04-15
Exploited in the wild (ITW)
EPSS: 61.91% (99.1th percentile)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | chakracore | <= 1.10.1 | — |
| microsoft | chakracore | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| msrc | internet_explorer_10 | — | — |
| msrc | internet_explorer_11 | — | — |
| msrc | internet_explorer_9 | — | — |
Detection & IOCs (extracted from sources)
- A second exploit variant (spotted September 18, 2018) modifies the SafeMode flag in the VBScript Engine to obtain execution permission from Shell.Application — similar execution pattern to CVE-2014-6332 and CVE-2016-0189. Also decodes a PowerShell payload.
- CVE-2018-8373 has confirmed active in-the-wild exploitation against Internet Explorer; prioritize patching workstation-class systems used for email or browser access.
- Internet Explorer 11 on Windows 10 Redstone 3 (RS3) and later is NOT vulnerable because VBScript is disabled by default; exploitation only affects older IE versions where VBScript remains enabled.
- The second exploit variant (September 2018) does not work on systems with updated Internet Explorer versions.
CVSS provenance
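| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| ghsa | — | 7.5 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vulncheck | — | 7.5 | HIGH | — |
| cisa | — | 7.5 | HIGH | — |
| vendor_msrc | — | 6.4 | MEDIUM | — |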
OSV
ChakraCore RCE Vulnerability
osv·2022-05-13·CVSS 7.5
CVE-2018-8385 [HIGH] ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-13·CVSS 7.5
CVE-2018-8359 [HIGH] ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
GHSA
GHSA-r7hq-ppp5-wmmx: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engin
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-8353 [HIGH] CWE-416 GHSA-r7hq-ppp5-wmmx: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engin
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-13·CVSS 7.5
CVE-2018-8372 [HIGH] ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-13·CVSS 7.5
CVE-2018-8355 [HIGH] ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-8355 [HIGH] CWE-787 ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-8390 [HIGH] CWE-787 ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-13·CVSS 7.5
CVE-2018-8390 [HIGH] ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389.
GHSA
GHSA-vmwj-6vm5-334c: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engin
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-8389 [HIGH] CWE-787 GHSA-vmwj-6vm5-334c: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engin
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-8359 [HIGH] CWE-787 ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-8385 [HIGH] CWE-787 ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-8371 [HIGH] CWE-787 ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-13·CVSS 7.5
CVE-2018-8371 [HIGH] ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
GHSA
GHSA-9qm8-3m9q-ghgq: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engin
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2018-8373 [HIGH] CWE-787 GHSA-9qm8-3m9q-ghgq: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engin
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-8372 [HIGH] CWE-787 ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
Project0
On VBScript - Project Zero
project_zero·2018-12-01·CVSS 7.5
CVE-2018-8174 [HIGH] On VBScript - Project Zero
Posted by Ivan Fratric, Google Project Zero
Introduction
Vulnerabilities in the VBScript scripting engine are a well known way to attack Microsoft Windows. In order to reduce this attack surface, in Windows 10 Fall Creators Update, Microsoft disabled VBScript execution in Internet Explorer in the Internet Zone and the Restricted Sites Zone by default. Yet this did not deter attackers from using it - in 2018 alone, there have been at least two instances of 0day attacks using vulnerabilities in VBScript: CVE-2018-8174 and CVE-2018-8373. In both of these cases, the delivery method for the exploit were Microsoft Office files with an embedded object which caused malicious VBScript code to be processed using the Internet Explorer engine. For a more detailed analysis of the techniques used in
VulnCheck
Microsoft Scripting Engine Memory Corruption Vulnerability
vulncheck·2018·CVSS 7.5
CVE-2018-8373 [HIGH] CWE-787 Microsoft Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Affected: Microsoft Internet Explorer Scripting Engine
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2018-Aug; https://www.recordedfuture.com/blog/top-vulnerabilities-2018; https://www.tenable.com/blog/daisy-chaining-how-vulnerabilities-can-be-greater-than-the-sum-of-their-parts; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-04-15
VulnCheck
Microsoft Internet Explorer Out-of-bounds Write
vulncheck·2018·CVSS 7.5
CVE-2018-8389 [HIGH] Microsoft Internet Explorer Out-of-bounds Write
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390.
Affected: Microsoft Internet Explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://cybersecurityworks.com/blog/ransomware/cyber-hygiene-ransomware-is-causi
CISA
Microsoft Scripting Engine Memory Corruption Vulnerability
cisa·2022-03-25·CVSS 7.5
CVE-2018-8373 [HIGH] CWE-787 Microsoft Scripting Engine Memory Corruption Vulnerability
Vulnerability: Microsoft Scripting Engine Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer Scripting Engine
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-8373
Remediation Due Date: 2022-04-15
Microsoft
Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2018-08-14·CVSS 6.4
CVE-2018-8373 [HIGH] Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted websi
Suricata
ET WEB_CLIENT VBscript UAF (CVE-2018-8373)
suricata·2018-09-26·CVSS 7.5
CVE-2018-8373 [HIGH] ET WEB_CLIENT VBscript UAF (CVE-2018-8373)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT VBscript UAF (CVE-2018-8373)"; flow:established,to_client; file.data; content:"vbscript"; nocase; content:"class_initialize"; nocase; fast_pattern; content:"<script "; nocase; content:"Redim"; nocase; content:"private"; nocase; pcre:"/^\s+sub\s+class_initialize\b(?:(?!end\s*sub).)*?\bReDim\s+array\b/Rsi"; content:"Public"; pcre:"/^\s+Default\s+Property\b(?:(?!end\s*property).)*?\bReDim\s+Preserve\s+array\b/Rsi"; reference:cve,2018-8373; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/new-cve-2018-8373-exploit-spotted-in-the-wild/; classtype:attempted-user; sid:2026411; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target C
No public exploits indexed.
Tenable
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
blogs_tenable·2021-01-21
Tenable
How Organizations Can Reduce the Economic Incentives of Vulnerabilities
blogs_tenable·2020-06-10
Trendmicro
BinDiff to Zero-Day: A POC Exploiting CVE-2019-1208
blogs_trendmicro·2019-09-12·CVSS 7.5
CVE-2019-1208 [HIGH] BinDiff to Zero-Day: A POC Exploiting CVE-2019-1208
Exploits & Vulnerabilities
This looks further into the Internet Explorer vulnerability (CVE-2019-1208), which we discovered through BinDiff (a binary code analysis tool). This is a proof of concept (PoC) showing how it can be fully and consistently exploited in Windows 10 RS5.
By: Elliot Cao, 2019/09/12
Last June, I disclosed a use-after-free (UAF) vulnerability in Internet Explorer (IE) to Microsoft. It was rated as critical, designated as CVE-2019-1208, and then addressed in Microsoft’s September Patch Tuesday. I discovered this flaw through BinDiff (a binary code analysis tool) and wrote a proof of concept (PoC) showing how it can be fully and consistently exploited in Windows 10 RS5.
A more in
Securelist
IT threat evolution Q3 2018. Statistics
blogs_securelist·2018-11-12
Table of Contents
- Q3 figures
- Mobile threats
- Attacks on IoT devices
- Financial threats
- Cryptoware programs
- Cryptominers
- Vulnerable apps used by cybercriminals
- Attacks via web resources
- Local threats
Authors
- Victor Chebyshev
- Fedor Sinitsyn
- Denis Parinov
- Oleg Kupreev
- Evgeny Lopatin
- Alexander Liskin
These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data.
## Q3 figures
According to Kaspersky Security Network:
- Kaspersky Lab solutions blocked 947,027,517 attacks launched from online resources located in 203 countries.
- 246,695,333 unique URLs were recognized as malicious by Web Anti-Virus components.
- Attempted infections by malware designed to steal money via online access to
Trendmicro
New CVE-2018-8373 Exploit Spotted
blogs_trendmicro·2018-09-25·CVSS 8.8
CVE-2018-8373 [HIGH] New CVE-2018-8373 Exploit Spotted
Exploits & Vulnerabilities
By: Elliot Cao, Sep 25, 2018
On September 18, 2018, more than a month after we published a blog revealing the details of a use-after-free (UAF) vulnerability CVE-2018-8373 that affects the VBScript engine in newer Windows versions, we spotted another exploit that uses the same vulnerability. It's important to note that this exploit doesn't work on systems with updated Internet Explorer versions.
Instead of modifying the CONTEXT structure of N
Unit42
Traps Prevents In-The-Wild VBScript Zero-Day Exploit in Internet Explorer
blogs_unit42·2018-09-07·CVSS 7.5
CVE-2018-8373 [HIGH] Traps Prevents In-The-Wild VBScript Zero-Day Exploit in Internet Explorer
On August 15, Trend Micro published a blog post detailing a high-risk vulnerability in the VBScript Engine of Microsoft Internet Explorer being exploited in-the-wild (CVE-2018-8373). This vulnerability still affects endpoints running the latest versions of Internet Explorer and Windows which do not have the relevant patches applied.
The exploit was served on a malicious web host: hxxp://windows-updater[.]net/realmuto/wood.php?who=1?????? which was linked to the DarkHotel APT campaign by Qihoo 360, and this actor also exploited another VBScript vulnerability earlier this year (CVE-2018-8174). The preliminary payload was also analyzed thoroughly by Qihoo 360, and is dubbed zlib1.dll.
Figure 1. The attack flow as observed in the malicious sample
In Figure 1 we show the attack flow as obser
By: Tomer Harpaz, Maor Dokhanian. Published: September 7, 2018
Trendmicro
UAF Bug Affects Internet Explorer, Runs Shellcode
blogs_trendmicro·2018-08-15·CVSS 7.5
CVE-2018-8373 [HIGH] UAF Bug Affects Internet Explorer, Runs Shellcode
Exploits & Vulnerabilities
We discovered a high-risk Internet Explorer (IE) vulnerability. This vulnerability, designated as CVE-2018-8373, affects the VBScript engine in the latest versions of Windows, but Internet Explorer 11 is not vulnerable.
By: Elliot Cao, Zero Day Initiative (Aug 15, 2018)
We discovered a high-risk Internet Explorer (IE) vulnerability in the wild on July 11, just a day after Microsoft’s July Patch Tuesday. We immediately sent Microsoft the details to help fix this flaw. While this vulnerability, now designated as CVE-2018-8373, affects the VBScript engine in the latest versions of Windows, Internet Explorer 11 is not vulnerable since VBScript in Windows 10 Redstone 3 (RS3) has
Trendmicro
August Patch Tuesday: A Tale of Two Zero-Days
blogs_trendmicro·2018-08-15·CVSS 7.5
[HIGH] August Patch Tuesday: A Tale of Two Zero-Days
Exploits & Vulnerabilities
By: Trend Micro, Aug 15, 2018
This month’s Microsoft Patch Tuesday includes important updates that patch two zero-day vulnerabilities that are already being actively exploited.
The first of these zero day vulnerabilities is CVE-2018-8373, a use-after-free (UAF) vulnerability in VBscript engine that Trend Micro researchers found in Internet Explorer. This vulnerability bears many similarities to CVE-2018-8174, another VBscript engine vulnerability that was patched back in May. Successful exploitation of this vulnerability could
Trendmicro
UAF Bug Affects Internet Explorer, Runs Shellcode
blogs_trendmicro·2018-08-15·CVSS 7.5
CVE-2018-8373 [HIGH] UAF Bug Affects Internet Explorer, Runs Shellcode
Exploits y vulnerabilidades
## UAF Bug Affects Internet Explorer, Runs Shellcode
We discovered a high-risk Internet Explorer (IE) vulnerability. This vulnerability, designated as CVE-2018-8373, affects the VBScript engine in the latest versions of Windows, but Internet Explorer 11 is not vulnerable.
By: Elliot Cao, Zero Day Initiative Aug 15, 2018 Read time: ( words)
Save to Folio
We discovered a high-risk Internet Explorer (IE) vulnerability in the wild on July 11, just a day after Microsoft’s July Patch Tuesday. We immediately sent Microsoft the details to help fix this flaw. While this vulnerability, now designated as CVE-2018-8373 , affects the VBScript engine in the latest versions of Windows, Internet Explorer 11 is not vulnerable since VBScript in Windows 10 Redstone 3 (RS3) ha
Krebs
Patch Tuesday, August 2018 Edition
blogs_krebs·2018-08-15·CVSS 7.5
CVE-2018-8373 [HIGH] Patch Tuesday, August 2018 Edition
Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two “zero-day” flaws that attackers were already exploiting before Microsoft issued patches to fix them.
According to security firm Ivanti, the first of the two zero-day flaws (CVE-2018-8373) is a critical flaw in Internet Explorer that attackers could use to foist malware on IE users who browse to hacked or booby-trapped sites. The other zero-day is a bug (CVE-2018-8414) in the Windows 10 shell that could allow an attacker to run code of his choice.
Microsoft also patched more variants of the Meltdown/Spectre memory vulnerabilit
Talos
Microsoft Tuesday August 2018
blogs_talos·2018-08-14·CVSS 9.8
[CRITICAL] Microsoft Tuesday August 2018
## Microsoft Tuesday August 2018
Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 62 new vulnerabilities, 20 of which are rated “critical,” 38 that are rated “important,” one that is rated moderate and one that is rated as low severity. These vulnerabilities impact Windows Operating System, Edge and Internet Explorer, along with several other products.
In addition to the 60 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180020 which addresses the vulnerabilities described in the Adobe Flash Security Bulletin APSB18-25.
## Critical Vulnerabilities
This month, Microsoft is addressing 20 vulnerabilities that a
Qualys
August 2018 Patch Tuesday – 63 Vulns, L1TF (Foreshadow), Exchange, SQL, Active Attacks on IE flaw
blogs_qualys·2018-08-14·CVSS 9.8
CVE-2018-8373 [CRITICAL] August 2018 Patch Tuesday – 63 Vulns, L1TF (Foreshadow), Exchange, SQL, Active Attacks on IE flaw
In this month’s Patch Tuesday release there are 63 vulnerabilities patched with 20 Criticals. Out of the criticals, over half are browser-related, with the rest including Windows, SQL, and Exchange. Active exploits have been detected against CVE-2018-8373, one of the scripting engine vulnerabilities.
## Workstation Patches
Browser and Scripting Engine patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. Microsoft has disclosed that CVE-2018-8373 has active exploits against Internet Explorer, making these patches a high priority. The PDF viewer, Windows Font Library, and GDI+ also have patches available that require a user to interact with a malicious site or file.
## LNK Remote Code Execution
A vu
Recorded Future
Microsoft Targeted by 8 of 10 Top Vulnerabilities in 2018
blogs_recorded_future
Microsoft Targeted by 8 of 10 Top Vulnerabilities in 2018
# Microsoft Targeted by 8 of 10 Top Vulnerabilities in 2018
This analysis focuses on an exploit kit, phishing attack, or remote access trojan co-occurrence with a vulnerability from January 1, 2018 to December 31, 2018. We analyzed thousands of sources, including code repositories, deep web forum postings, and dark web sites. This is a follow-up to our 2017 report, and the intended audience includes information security practitioners, especially those supporting vulnerability risk assessments.
### Executive Summary
Many vulnerability management practitioners face the daunting task of prioritizing vulnerabilities without adequate insight into which vulnerabilities are actively exploited by cybercriminals. Here, we’ll attempt to shed
- http://www.securityfocus.com/bid/105037
- http://www.securitytracker.com/id/1041483
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8373
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8373
- Published: 2018-08-15
- Added to CISA KEV: 2022-03-25
- Exploited in the wild