Description
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Windows Media Player can be exploited remotely via specially crafted hyperlink to obtain sensitive information.
- A remote code execution vulnerability in MS XML can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in DirectX can be exploited remotely via specially crafted application to obtain sensitive information.
- An elevation of privilege vulnerability in Microsoft Filter Manager can be exploited remotely via specially crafted file to gain privileges.
- An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
- A remote code execution vulnerability in Windows Theme API can be exploited remotely via specially crafted file to execute arbitrary code.
- An elevation of privilege vulnerability in NTFS can be exploited remotely via specially crafted application to gain privileges.
- A security feature bypass vulnerability in Windows DNS can be exploited remotely to bypass security restrictions.
- A remote code execution vulnerability in Microsoft JET Database Engine can be exploited remotely via specially crafted to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to obtain sensitive information.
Fiches de renseignement originales
- CVE-2018-8489
- CVE-2018-8472
- CVE-2018-8481
- CVE-2018-8482
- CVE-2018-8494
- CVE-2018-8486
- CVE-2018-8333
- CVE-2018-8330
- CVE-2018-8413
- CVE-2018-8411
- CVE-2018-8320
- CVE-2018-8423
- CVE-2018-8432
- CVE-2018-8427
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Produits associés
- Microsoft-Office
- Microsoft-Excel
- Microsoft-Word
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
Liste CVE
- CVE-2018-8320 warning
- CVE-2018-8333 high
- CVE-2018-8423 critical
- CVE-2018-8432 critical
- CVE-2018-8486 high
- CVE-2018-8330 high
- CVE-2018-8472 high
- CVE-2018-8481 warning
- CVE-2018-8482 warning
- CVE-2018-8413 critical
- CVE-2018-8453 critical
- CVE-2018-8411 critical
- CVE-2018-8494 critical
- CVE-2018-8427 high
- CVE-2018-8489 critical
Liste KB
En savoir plus
Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com
Vous avez trouvé une inexactitude dans la description de cette vulnérabilité ? Faites-le nous savoir !