A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104030 | Broken Link Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1040848 | Broken Link Third Party Advisory VDB Entry |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824 | Patch Vendor Advisory |
https://www.exploit-db.com/exploits/44906/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2024, 14:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Microsoft windows Server 1803
Microsoft windows 10 1507 Microsoft windows Server 1709 Microsoft windows 10 1607 Microsoft windows 10 1709 Microsoft windows 10 1803 Microsoft windows 10 1703 |
|
CVSS |
v2 : v3 : |
v2 : 5.1
v3 : 8.8 |
References | () http://www.securityfocus.com/bid/104030 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1040848 - Broken Link, Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:* |
cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:* |
Information
Published : 2018-05-09 19:29
Updated : 2024-08-08 14:50
NVD link : CVE-2018-0824
Mitre link : CVE-2018-0824
CVE.ORG link : CVE-2018-0824
JSON object : View
Products Affected
microsoft
- windows_10_1803
- windows_server_2012
- windows_8.1
- windows_server_1709
- windows_server_2016
- windows_10_1507
- windows_7
- windows_10_1709
- windows_server_1803
- windows_10_1607
- windows_server_2008
- windows_10_1703
- windows_rt_8.1
CWE
CWE-502
Deserialization of Untrusted Data