Multiple vulnerabilities in Microsoft Products (ESU)

説明

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, cause denial of service.

Below is a complete list of vulnerabilities:

1. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
2. A remote code execution vulnerability in Windows VBScript Engine can be exploited remotely via specially crafted website to execute arbitrary code.
3. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
4. An elevation of privilege vulnerability in Graphics Component Font Parsing can be exploited remotely via specially crafted application to gain privileges.
5. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to obtain sensitive information.
6. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
7. A denial of service vulnerability in Windows SNMP Service can be exploited remotely to cause denial of service.
8. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
9. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted website to obtain sensitive information.
10. A denial of service vulnerability in Microsoft Graphics Component can be exploited remotely to cause denial of service.
11. A remote code execution vulnerability in Microsoft Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
12. A denial of service vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely via specially crafted requests to cause denial of service.
13. A remote code execution vulnerability in Microsoft JET Database Engine can be exploited remotely via specially crafted to execute arbitrary code.

オリジナルアドバイザリー

• CVE-2018-1020

• CVE-2018-1004
• CVE-2018-0987
• CVE-2018-1008
• CVE-2018-0981
• CVE-2018-0969
• CVE-2018-0967
• CVE-2018-1001
• CVE-2018-1000
• CVE-2018-0989
• CVE-2018-0988
• CVE-2018-0960
• CVE-2018-0887
• CVE-2018-8116
• CVE-2018-0996
• CVE-2018-1015
• CVE-2018-1016
• CVE-2018-1010
• CVE-2018-1012
• CVE-2018-1013
• CVE-2018-0970
• CVE-2018-0971
• CVE-2018-0972
• CVE-2018-0973
• CVE-2018-0974
• CVE-2018-0975
• CVE-2018-0976
• CVE-2018-1003

エクスプロイテーション

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

関連製品

• Microsoft-Internet-Explorer
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

CVEリスト

• CVE-2018-0887
  high
• CVE-2018-0960
  high
• CVE-2018-0967
  high
• CVE-2018-0969
  high
• CVE-2018-0970
  high
• CVE-2018-0971
  high
• CVE-2018-0972
  high
• CVE-2018-0973
  high
• CVE-2018-0974
  high
• CVE-2018-0975
  high
• CVE-2018-0976
  high
• CVE-2018-1003
  critical
• CVE-2018-1004
  critical
• CVE-2018-1008
  high
• CVE-2018-1010
  critical
• CVE-2018-1012
  critical
• CVE-2018-1013
  critical
• CVE-2018-1015
  critical
• CVE-2018-1016
  critical
• CVE-2018-8116
  high
• CVE-2018-0981
  high
• CVE-2018-1000
  high
• CVE-2018-1001
  critical
• CVE-2018-1020
  critical
• CVE-2018-0988
  critical
• CVE-2018-0987
  warning
• CVE-2018-0989
  warning
• CVE-2018-0996
  critical

KBリスト

• 4093478
• 4093224
• 4093227
• 4093223
• 4093108
• 4093118
• 4093257
• 4091756
• 4092946

も参照してください

お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com