Multiple vulnerabilties in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in StructuredQuery can be exploited remotely via specially crafted file to execute arbitrary code.
2. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
3. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
4. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via specially crafted application to gain privileges.
5. A memory corruption vulnerability in Windows Scripting Engine can be exploited remotely to obtain sensitive information.
6. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
7. An information disclosure vulnerability in Windows EOT Font Engine can be exploited remotely via specially crafted embedded to obtain sensitive information.

Первичный источник обнаружения

• CVE-2018-0825
  CVE-2018-0842
  CVE-2018-0829
  CVE-2018-0844
  CVE-2018-0846
  CVE-2018-0847
  CVE-2018-0830
  CVE-2018-0866
  CVE-2018-0742
  CVE-2018-0757
  CVE-2018-0761
  CVE-2018-0760
  CVE-2018-0810
  CVE-2018-0855
  CVE-2018-0820
  CVE-2018-0755
  ADV180005
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Internet-Explorer
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

Список CVE

• CVE-2018-0742
  warning
• CVE-2018-0755
  warning
• CVE-2018-0757
  warning
• CVE-2018-0760
  warning
• CVE-2018-0761
  warning
• CVE-2018-0810
  warning
• CVE-2018-0820
  warning
• CVE-2018-0825
  critical
• CVE-2018-0829
  warning
• CVE-2018-0830
  warning
• CVE-2018-0842
  high
• CVE-2018-0844
  warning
• CVE-2018-0846
  warning
• CVE-2018-0847
  warning
• CVE-2018-0855
  warning
• CVE-2018-0866
  critical

Список KB

• 4074598
• 4074587
• 4074603
• 4073080
• 4074851
• 4058165
• 4074836
• 4073079
• 4034044
• 4074736

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com