CVE-2018-8634
published 2018-12-12CVE-2018-8634: A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka "Microsoft…
PriorityP354high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
14.51%
96.2th percentile
A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka "Microsoft Text-To-Speech Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_servers | — | — |
| microsoft | windows_10_servers | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc4.2MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hv2g-m5p7-x4pm: A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka "Microsoft
ghsa_unreviewed·2022-05-13
CVE-2018-8634 [HIGH] GHSA-hv2g-m5p7-x4pm: A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka "Microsoft
A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory, aka "Microsoft Text-To-Speech Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
Microsoft
Microsoft Text-To-Speech Remote Code Execution Vulnerability
vendor_msrc·2018-12-11·CVSS 4.2
CVE-2018-8634 [HIGH] Microsoft Text-To-Speech Remote Code Execution Vulnerability
Microsoft Text-To-Speech Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update addresses the vulnerability by correcting how the Microsoft text-to-speech handles objects in the memory.
Windows Authentication Methods: Windows Authentication Methods
Impact: Remote Code Execut
No detection rules found.
No public exploits indexed.
Trendmicro
Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
blogs_trendmicro·2018-12-12·CVSS 7.8
CVE-2018-8611 [HIGH] Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
Exploits & Vulnerabilities
## Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability (CVE-2018-8611).
By: Trend Micro Research Dec 12, 2018 Read time: ( words)
Save to Folio
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability ( CVE-2018-8611 ). The flaw allows an attacker to exploit a bug in the Windows Kernel and run arbitrary code to install programs; view, change, or delete data; or create new accounts with full user rights. It is also pointed out as likely being used with other bugs in targeted attacks.
The patch release fixes another vulnerability that’s worth noting: CVE-20
Trendmicro
Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
blogs_trendmicro·2018-12-12·CVSS 7.8
CVE-2018-8611 [HIGH] Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
Ausnutzung von Schwachstellen
## Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability (CVE-2018-8611).
By: Trend Micro Research Dec 12, 2018 Read time: ( words)
Save to Folio
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability ( CVE-2018-8611 ). The flaw allows an attacker to exploit a bug in the Windows Kernel and run arbitrary code to install programs; view, change, or delete data; or create new accounts with full user rights. It is also pointed out as likely being used with other bugs in targeted attacks.
The patch release fixes another vulnerability that’s worth noting: CVE
Trendmicro
Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
blogs_trendmicro·2018-12-12·CVSS 7.8
CVE-2018-8611 [HIGH] Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
Exploits & Vulnerabilities
# Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability (CVE-2018-8611).
By: Trend Micro Research
2018/12/12
Read time: ( words)
Save to Folio
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability (CVE-2018-8611). The flaw allows an attacker to exploit a bug in the Windows Kernel and run arbitrary code to install programs; view, change, or delete data; or create new accounts with full user rights. It is also pointed out as likely being used with other bugs in targeted attacks.
The patch release fixes another vulnerability that’s worth noting: CVE-2018-8
Trendmicro
Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
blogs_trendmicro·2018-12-12·CVSS 7.8
CVE-2018-8611 [HIGH] Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
Exploits y vulnerabilidades
## Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability (CVE-2018-8611).
By: Trend Micro Research Dec 12, 2018 Read time: ( words)
Save to Folio
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability ( CVE-2018-8611 ). The flaw allows an attacker to exploit a bug in the Windows Kernel and run arbitrary code to install programs; view, change, or delete data; or create new accounts with full user rights. It is also pointed out as likely being used with other bugs in targeted attacks.
The patch release fixes another vulnerability that’s worth noting: CVE-2
Trendmicro
Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
blogs_trendmicro·2018-12-12·CVSS 7.8
CVE-2018-8611 [HIGH] Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
Exploits & Vulnerabilities
## Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability (CVE-2018-8611).
By: Trend Micro Research 2018/12/12 Read time: ( words)
Save to Folio
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability ( CVE-2018-8611 ). The flaw allows an attacker to exploit a bug in the Windows Kernel and run arbitrary code to install programs; view, change, or delete data; or create new accounts with full user rights. It is also pointed out as likely being used with other bugs in targeted attacks.
The patch release fixes another vulnerability that’s worth noting: CVE-2018
Trendmicro
Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
blogs_trendmicro·2018-12-12·CVSS 7.8
CVE-2018-8611 [HIGH] Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
Exploits & Vulnerabilities
## Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability (CVE-2018-8611).
By: Trend Micro Research Dec 12, 2018 Read time: ( words)
Save to Folio
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability ( CVE-2018-8611 ). The flaw allows an attacker to exploit a bug in the Windows Kernel and run arbitrary code to install programmes; view, change, or delete data; or create new accounts with full user rights. It is also pointed out as likely being used with other bugs in targeted attacks.
The patch release fixes another vulnerability that’s worth noting: CVE-
2018-12-12
Published