Kaspersky Threats

Beschreibung

Multiple serious vulnerabilities were found in Microsoft Development tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions and obtain sensitive information.

Below is a complete list of vulnerabilities:

Multiple memory corruption vulnerabilities in ChakraCore can be exploited remotely to execute arbitrary code;
An improper requests handling vulnerability in Microsoft.Data.OData can be exploited remotely via specially crafted requests to cause denial of service;
A spoofing vulnerability in Azure IoT Device Provisioning for the C SDK library can be exploited remotely to bypass security restrictions;
Multiple information disclosure vulnerabilities in ChakraCore can be exploited remotely via specilally crafted website to obtain sensitive information;
An improper requests handling vulnerability in System.IO.Pipelines can be exploited remotely via specially crafted requests to cause denial of service.
A memory corruption vulnerability in ChakraCore can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Microsoft .NET Framework can be exploited remotely to execute arbitrary code.

Ursprüngliche Informationshinweise

CVE Liste

CVE-2018-8391
critical
CVE-2018-8466
critical
CVE-2018-8269
critical
CVE-2018-8479
critical
CVE-2018-8315
critical
CVE-2018-8459
critical
CVE-2018-8409
critical
CVE-2018-8367
critical
CVE-2018-8354
critical
CVE-2018-8421
critical
CVE-2018-8452
critical
CVE-2018-8456
critical
CVE-2018-8465
critical
CVE-2018-8467
critical

KB Liste

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com

Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!