CVE-2018-8467
published 2018-09-13CVE-2018-8467: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting…
PriorityP268high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
69.02%
99.3th percentile
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | chakracore | <= 1.10.1 | — |
| microsoft | chakracore | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| microsoft | microsoft_edge | — | — |
| msrc | chakracore | — | — |
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1709_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1709_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_server_2016 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is triggered when JavascriptNativeFloatArray::ConvertToVarArray() is called due to type confusion in the Chakra JIT compiler — a NativeFloatArray is treated as ObjectType::Object because the switch statement in GlobOpt::UpdateObjPtrValueType() handles Js::TypeIds_Array but not Js::TypeIds_NativeIntArray or Js::TypeIds_NativeFloatArray. ↗
- →The type confusion bug triggers JavascriptNativeFloatArray::ConvertToVarArray(), which converts a JavascriptNativeFloatArray to JavascriptArray by overwriting the TypeId field via JIT-generated code, resulting in memory corruption when the TypeId field is accessed later. ↗
- →The PoC pattern involves assigning a float value to arr[0], then assigning an object to arr2[0] via a method call, then assigning a small float (2.3023e-320) to arr[0] — monitor for JIT-compiled JavaScript exhibiting this array type coercion pattern in Microsoft Edge. ↗
- →Exploitation relies on waiting for the Chakra JIT server to compile the opt() function before triggering the type confusion — a setTimeout delay (e.g. 100ms) is used in PoC to allow JIT compilation to complete before the vulnerable code path is hit. ↗
- ·Assembly analysis and memory addresses (e.g. 0xf010280) are specific to chakra.dll version 11.00.14393.447; offsets and behavior may differ across other versions of Microsoft Edge / ChakraCore. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
ghsa7.5HIGH
osv7.5HIGH
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-13·CVSS 7.5
CVE-2018-8367 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-13·CVSS 7.5
CVE-2018-8465 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8466, CVE-2018-8467.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-13·CVSS 7.5
CVE-2018-8466 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-8467 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-8466 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-13·CVSS 7.5
CVE-2018-8467 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-8465 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8466, CVE-2018-8467.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-8367 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467.
Microsoft
Chakra Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2018-09-11·CVSS 4.2
CVE-2018-8467 [HIGH] Chakra Scripting Engine Memory Corruption Vulnerability
Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a
No detection rules found.
Fortinet
A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587
blogs_fortinet·2018-12-16·CVSS 7.8
CVE-2018-8587 [HIGH] A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587
FORTIGUARD LABS THREAT RESEARCH
A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587
By Yonghui Han | December 16, 2018
FortiGuard Labs Threat Analysis Report
Earlier this year, Fortinet's FortiGuard Labs researcher Yonghui Han reported a Heap Corruption vulnerability in Office Outlook to Microsoft by following Fortinet’s responsible disclosure process. On Patch Tuesday of December 2018, Microsoft announced that they had fixed this vulnerability, released a corresponding advisory, and assigned it the vulnerability identifier CVE-2018-8587.
Microsoft Outlook is one of the components of the Microsoft Office suite that is widely used to send and receive emails, manage contacts, record and track schedules, and perform other tasks. The Heap Corruption vulnerability was fou
Fortinet
Exploiting an RCE bug in the UDP Protocol implemented in FreeRTOS
blogs_fortinet·2018-12-04·CVSS 8.1
CVE-2018-16525 [HIGH] Exploiting an RCE bug in the UDP Protocol implemented in FreeRTOS
FORTIGUARD LABS THREAT RESEARCH
Exploiting an RCE bug in the UDP Protocol implemented in FreeRTOS
By Amir Zali | December 04, 2018
Recently, I saw a report about several bugs that were found on FreeRTOS. Curiosity got the best of me, and I started to take a look to see what can be done from the IPS side to protect our customers because of importance of IoT devices and the popularity of this operating system. (Since the initial report more details have been made available here, CVE-2018-16525.)
In this post I will just elaborate on a single RCE bug that I have managed to exploit in the UDP protocol which is implemented in FreeRTOS+TCP.
RTOS, Real Time Operating System, is a type of operating system that provides deterministic execution. AWS FreeRTOS is a class of RTOS from Amazon Web Se
Fortinet
Patch Your Microsoft Outlook: Fortinet Discovered Four Outlook Remote Code Execution Vulnerabilities
blogs_fortinet·2018-11-13·CVSS 7.8
[HIGH] Patch Your Microsoft Outlook: Fortinet Discovered Four Outlook Remote Code Execution Vulnerabilities
FORTIGUARD LABS THREAT RESEARCH
Patch Your Microsoft Outlook: Fortinet Discovered Four Outlook Remote Code Execution Vulnerabilities
By Yonghui Han | November 13, 2018
FortiGuard Labs Breaking Threat Research
This Patch Tuesday, November 13, 2018, Microsoft patched six vulnerabilities discovered in Microsoft Outlook. Four of them were discovered and reported on by Fortinet researcher Yonghui Han by following Fortinet’s responsible disclosure process. The CVE numbers assigned to them are CVE-2018-8522, CVE-2018-8524, CVE-2018-8576 and CVE-2018-8582. All Microsoft Outlook versions from 2010 to 2019 are affected. All of four of these vulnerabilities could lead to remote code execution and have been given an Important rating by Microsoft. In this post we will provide more details on these
Fortinet
An Analysis of Microsoft Edge Chakra JavascriptArray TypeId Handling Memory Corruption (CVE-2018-8467)
blogs_fortinet·2018-10-19·CVSS 7.5
CVE-2018-8467 [HIGH] An Analysis of Microsoft Edge Chakra JavascriptArray TypeId Handling Memory Corruption (CVE-2018-8467)
FORTIGUARD LABS THREAT RESEARCH
An Analysis of Microsoft Edge Chakra JavascriptArray TypeId Handling Memory Corruption (CVE-2018-8467)
By Dehui Yin | October 19, 2018
The Javascript Type Confusion bug is a critical vulnerability that exists in many popular browsers. It causes memory corruption and can possibly be exploited to execute arbitrary code when a vulnerable system browses a malicious web page. A growing number of these type of confusion bugs in the Microsoft Chakra Engine have been disclosed and fixed by over the past recent months.
CVE-2018-8467 is one of the classic ‘Type Confusion’ bugs in the Microsoft Edge Chakra Engine that was fixed by Microsoft several weeks ago. In this post, the team at FortiGuard Labs looks deeply into the Microsoft Edge Chakra Engine assembly codes
Fortinet
Microsoft JET Database Engine Code Execution Vulnerability
blogs_fortinet·2018-09-14·CVSS 7.8
CVE-2018-8392 [HIGH] Microsoft JET Database Engine Code Execution Vulnerability
FORTIGUARD LABS THREAT RESEARCH
Microsoft JET Database Engine Code Execution Vulnerability
By Honggang Ren | September 14, 2018
This June, FortiGuard Labs researcher Honggang Ren discovered a code execution vulnerability in the Windows JET Database Engine and reported it to Microsoft using the responsible disclosure process. On the patch Tuesday of September 2018, Microsoft released a Security Advisory that contains the fix for this vulnerability, identifying it as CVE-2018-8392.
The Microsoft JET Database Engine is a database engine on which several Microsoft products have been built. A database engine is the underlying component of a database, a collection of information stored on a computer in a systematic way.
The vulnerable DLL msexcl40.dll identified by FortiGuard Labs is a comp
Trendmicro
September Patch Tuesday: Windows Fixes ALPC Bug
blogs_trendmicro·2018-09-12·CVSS 7.8
CVE-2018-8440 [HIGH] September Patch Tuesday: Windows Fixes ALPC Bug
Exploits y vulnerabilidades
## September Patch Tuesday: Windows Fixes ALPC Bug
September’s Patch Tuesday provides a security patch for CVE-2018-8440, an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface.
By: Trend Micro Sep 12, 2018 Read time: ( words)
Save to Folio
September’s Patch Tuesday provides a security patch for CVE-2018-8440 , an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface. This bug allows threat actors to run code with administrative privileges, install programs, or even create new accounts with full user rights. This bug’s source code has been publicly disclosed as of August 27 via Twit
Trendmicro
September Patch Tuesday: Windows Fixes ALPC Bug
blogs_trendmicro·2018-09-12·CVSS 7.8
CVE-2018-8440 [HIGH] September Patch Tuesday: Windows Fixes ALPC Bug
Exploits & Vulnerabilities
# September Patch Tuesday: Windows Fixes ALPC Bug
September’s Patch Tuesday provides a security patch for CVE-2018-8440, an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface.
By: Trend Micro
2018/09/12
Read time: ( words)
Save to Folio
September’s Patch Tuesday provides a security patch for CVE-2018-8440, an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface. This bug allows threat actors to run code with administrative privileges, install programs, or even create new accounts with full user rights. This bug’s source code has been publicly disclosed as of August 27 via Twitter
Trendmicro
September Patch Tuesday: Windows Fixes ALPC Bug
blogs_trendmicro·2018-09-12·CVSS 7.8
CVE-2018-8440 [HIGH] September Patch Tuesday: Windows Fixes ALPC Bug
Exploits & Vulnerabilities
## September Patch Tuesday: Windows Fixes ALPC Bug
September’s Patch Tuesday provides a security patch for CVE-2018-8440, an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface.
By: Trend Micro Sep 12, 2018 Read time: ( words)
Save to Folio
September’s Patch Tuesday provides a security patch for CVE-2018-8440 , an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface. This bug allows threat actors to run code with administrative privileges, install programs, or even create new accounts with full user rights. This bug’s source code has been publicly disclosed as of August 27 via Twitt
Trendmicro
September Patch Tuesday: Windows Fixes ALPC Bug
blogs_trendmicro·2018-09-12·CVSS 7.8
CVE-2018-8440 [HIGH] September Patch Tuesday: Windows Fixes ALPC Bug
Exploits & Vulnerabilities
## September Patch Tuesday: Windows Fixes ALPC Bug
September’s Patch Tuesday provides a security patch for CVE-2018-8440, an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface.
By: Trend Micro 2018/09/12 Read time: ( words)
Save to Folio
September’s Patch Tuesday provides a security patch for CVE-2018-8440 , an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface. This bug allows threat actors to run code with administrative privileges, install programs, or even create new accounts with full user rights. This bug’s source code has been publicly disclosed as of August 27 via Twitter
Trendmicro
September Patch Tuesday: Windows Fixes ALPC Bug
blogs_trendmicro·2018-09-12·CVSS 7.8
CVE-2018-8440 [HIGH] September Patch Tuesday: Windows Fixes ALPC Bug
Ausnutzung von Schwachstellen
## September Patch Tuesday: Windows Fixes ALPC Bug
September’s Patch Tuesday provides a security patch for CVE-2018-8440, an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface.
By: Trend Micro Sep 12, 2018 Read time: ( words)
Save to Folio
September’s Patch Tuesday provides a security patch for CVE-2018-8440 , an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface. This bug allows threat actors to run code with administrative privileges, install programs, or even create new accounts with full user rights. This bug’s source code has been publicly disclosed as of August 27 via Tw
Talos
Microsoft Patch Tuesday - September 2018
blogs_talos·2018-09-11·CVSS 8.4
[HIGH] Microsoft Patch Tuesday - September 2018
Microsoft released its monthly set of security updates today for a variety of its products that address a variety of bugs. The latest Patch Tuesday covers 61 vulnerabilities, 17 of which are rated "critical," 43 that are rated "important" and one that is considered to have "moderate" severity.
The advisories cover bugs in the Internet Explorer web browser, Jet Database Engine and the Chakra scripting engine, among other products and software.
This update also includes two critical advisories, one of which covers security updates to Adobe Flash, and another that deals with a denial-of-service vulnerability in the Microsoft Windows operating system.
## Critical vulnerabilitiesMicrosoft released coverage for 17 critical bugs. Cisco Talos believes 16 of these are of special importance and n
Talos
Microsoft Patch Tuesday - September 2018
blogs_talos·2018-09-11·CVSS 8.4
[HIGH] Microsoft Patch Tuesday - September 2018
## Microsoft Patch Tuesday - September 2018
Microsoft released its monthly set of security updates today for a variety of its products that address a variety of bugs. The latest Patch Tuesday covers 61 vulnerabilities, 17 of which are rated "critical," 43 that are rated "important" and one that is considered to have "moderate" severity.
The advisories cover bugs in the Internet Explorer web browser, Jet Database Engine and the Chakra scripting engine, among other products and software.
This update also includes two critical advisories, one of which covers security updates to Adobe Flash, and another that deals with a denial-of-service vulnerability in the Microsoft Windows operating system.
## Critical vulnerabilities Microsoft released coverage for 17 critical bugs. Cisco Talos believ
Fortinet
Buffer Overflow Attack Targeting Microsoft IIS 6.0 Returns
blogs_fortinet·2018-05-23·CVSS 9.8
CVE-2017-7269 [CRITICAL] Buffer Overflow Attack Targeting Microsoft IIS 6.0 Returns
FORTIGUARD LABS THREAT RESEARCH
Buffer Overflow Attack Targeting Microsoft IIS 6.0 Returns
By Bing Liu | May 23, 2018
There is a buffer overflow vulnerability in the WebDAV service in Microsoft IIS 6.0 identified as CVE-2017-7269 that allows remote attackers to execute arbitrary code via a long HTTP header. This vulnerability was reportedly first exploited in July or August of 2016, and the PoC was publicly disclosed in March 2017 on GitHub. Over the past month, however, FortiGuard Labs has been documenting a spike in new attacks targeting this vulnerability, peaking on Apr 13, 2018 when we logged over 4 million triggers.
Fortinet released an IPS signature for this vulnerability in March of 2017 named MS.IIS.WebDAV.PROPFIND.ScStoragePathFromUrl.Buffer.Overflow. The daily trigger rate of
Fortinet
CVE-2015-4400 : Backdoorbot, Network Configuration Leak on a Connected Doorbell
blogs_fortinet·2016-01-22·CVSS 4.6
CVE-2015-4400 [MEDIUM] CVE-2015-4400 : Backdoorbot, Network Configuration Leak on a Connected Doorbell
FORTIGUARD LABS THREAT RESEARCH
CVE-2015-4400 : Backdoorbot, Network Configuration Leak on a Connected Doorbell
By Ruchna Nigam | January 22, 2016
Summary
In March 2015, a Network Configuration Leak vulnerability was disclosed to Ring as part of FortiGuard's Responsible Disclosure process.
The vulnerability existed on their first internet-connected doorbell, Doorbot v1.0 but other posts on the subject show that the vulnerability was ported on newer versions of the connected doorbell as well.
The vulnerability had been granted CVE-2015-4400: DoorBot Network Configuration Leak.
We have issued an Advisory and IPS signatures (DoorBot.Network.Configuration.Leak) for the same.
We have not been informed by Ring about any patches issued for the reported vulnerability.
Connected Doorbell?
The
Zscaler
Zscaler protects against 10 new vulnerabilities for Chakra Scripting Engine, Internet Explorer, MS XML, Windows & Microsoft Edge. | Zscaler
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler protects against 10 new vulnerabilities for Chakra Scripting Engine, Internet Explorer, MS XML, Windows & Microsoft Edge. | Zscaler
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/105244http://www.securitytracker.com/id/1041623https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8467https://www.exploit-db.com/exploits/45572/http://www.securityfocus.com/bid/105244http://www.securitytracker.com/id/1041623https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8467https://www.exploit-db.com/exploits/45572/
2018-09-13
Published