Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Windows Media Player can be exploited remotely via specially crafted hyperlink to obtain sensitive information.
- A remote code execution vulnerability in MS XML can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in DirectX can be exploited remotely via specially crafted application to obtain sensitive information.
- An elevation of privilege vulnerability in Microsoft Filter Manager can be exploited remotely via specially crafted file to gain privileges.
- An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
- A remote code execution vulnerability in Windows Theme API can be exploited remotely via specially crafted file to execute arbitrary code.
- An elevation of privilege vulnerability in NTFS can be exploited remotely via specially crafted application to gain privileges.
- A security feature bypass vulnerability in Windows DNS can be exploited remotely to bypass security restrictions.
- A remote code execution vulnerability in Microsoft JET Database Engine can be exploited remotely via specially crafted to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Graphics Components can be exploited remotely via specially crafted file to obtain sensitive information.
Первичный источник обнаружения
- CVE-2018-8453
CVE-2018-8489
CVE-2018-8472
CVE-2018-8481
CVE-2018-8482
CVE-2018-8494
CVE-2018-8486
CVE-2018-8333
CVE-2018-8330
CVE-2018-8413
CVE-2018-8411
CVE-2018-8320
CVE-2018-8423
CVE-2018-8432
CVE-2018-8427
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Office
- Microsoft-Excel
- Microsoft-Word
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
Список CVE
- CVE-2018-8320 warning
- CVE-2018-8333 high
- CVE-2018-8423 critical
- CVE-2018-8432 critical
- CVE-2018-8486 high
- CVE-2018-8330 high
- CVE-2018-8472 high
- CVE-2018-8481 warning
- CVE-2018-8482 warning
- CVE-2018-8413 critical
- CVE-2018-8453 critical
- CVE-2018-8411 critical
- CVE-2018-8494 critical
- CVE-2018-8427 high
- CVE-2018-8489 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!