{"id":86244,"date":"2018-05-10T17:20:17","date_gmt":"2018-05-10T11:50:17","guid":{"rendered":"https:\/\/blogs_admin.quickheal.com\/?p=86244"},"modified":"2018-05-10T19:17:23","modified_gmt":"2018-05-10T13:47:23","slug":"cve-2018-8174-windows-vbscript-engine-remote-code-execution-vulnerability-advisory-quick-heal-security-labs","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/cve-2018-8174-windows-vbscript-engine-remote-code-execution-vulnerability-advisory-quick-heal-security-labs\/","title":{"rendered":"CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability &#8211; An advisory by Quick Heal Security Labs"},"content":{"rendered":"<p>The recent zero-day vulnerability in the Windows VBScript Engine (<a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8174\">CVE-2018-8174<\/a>) enables attackers to perform remote code execution on targeted machines. Microsoft released the security advisory <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-8174\">CVE-2018-8174<\/a> on May 8, 2018, to address this issue. According to Microsoft, it impacts most Windows operating systems.<\/p>\n<p><b>Vulnerable versions<\/b><\/p>\n<ul>\n<li>Windows 7 x86 and x64 versions<\/li>\n<li>Windows Server 2012 R2<\/li>\n<li>Windows RT 8.1<\/li>\n<li>Windows Server 2008<\/li>\n<li>Windows Server 2012<\/li>\n<li>Windows 8.1<\/li>\n<li>Windows Server 2016<\/li>\n<li>Windows Server 2008 R2<\/li>\n<li>Windows 10<\/li>\n<li>Windows 10 Servers<\/li>\n<\/ul>\n<p><b>About the vulnerability<\/b><\/p>\n<p>This is a use-after-free vulnerability in the VBScript Engine that allows attackers to perform remote code execution on targeted machines. 
After successful exploitation, attackers can take control of the vulnerable systems and download and execute malware on them.<\/p>\n<p>The vulnerability is currently being exploited in the wild through a malicious Office document, which is a Microsoft Office\/WordPad exploit (<a href=\"https:\/\/blogs.quickheal.com\/cve-2017-0199-microsoft-officewordpad-remote-code-execution-vulnerability-wwindows-api\/\">CVE-2017-0199<\/a>). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.<\/p>\n<p><b>Quick Heal detection<\/b><\/p>\n<p>Quick Heal\u2019s generic detection &#8216;Exp.RTF.CVE-2017-0199.AO&#8217; for the Microsoft Office\/WordPad exploit (CVE-2017-0199), released on December 12, 2017, detects the initial attack vector observed in the wild.<\/p>\n<p>Quick Heal has released the following detections for the vulnerability CVE-2018-8174:<\/p>\n<ul>\n<li>Exp.IE.CVE-2018-8174<\/li>\n<li>HTTP\/CVE-2018-8174.IE<\/li>\n<\/ul>\n<p>Quick Heal Security Labs is actively looking for new in-the-wild exploits for this vulnerability and is ensuring coverage for them.<\/p>\n<p><b>References<\/b><\/p>\n<p><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-8174\">https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-8174<\/a><br \/>\n<a href=\"https:\/\/blogs.360.cn\/blog\/cve-2018-8174-en\/\">https:\/\/blogs.360.cn\/blog\/cve-2018-8174-en\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The recent zero-day vulnerability in the Windows VBScript Engine (CVE-2018-8174) enables attackers to perform remote code execution on targeted machines. Microsoft released the security advisory CVE-2018-8174 on May 8, 2018, to address this issue. According to Microsoft, it impacts most Windows operating systems. 
Vulnerable versions Windows 7 x86 and x64 versions Windows Server 2012 R2 Windows RT [&hellip;]<\/p>\n","protected":false},"author":42,"featured_media":86070,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[75,36,1395],"tags":[1601,1173,71,1602,1600],"class_list":["post-86244","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-windows","category-security-patch","category-vulnerability","tag-cve-2018-8174","tag-exploit","tag-internet-explorer","tag-rce","tag-vbscript"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/86244"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=86244"}],"version-history":[{"count":5,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/86244\/revisions"}],"predecessor-version":[{"id":86250,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/86244\/revisions\/86250"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/86070"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=86244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=86244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=86244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}