CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

CVSS v3 8.1 HIGH
CVSS v2.0 9.3 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/104560	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041193	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1468217	Issue Tracking Permissions Required Vendor Advisory
https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39	Exploit Third Party Advisory
https://security.gentoo.org/glsa/201810-01	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-15/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-16/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-17/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-18/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-19/	Vendor Advisory
http://www.securityfocus.com/bid/104560	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041193	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1468217	Issue Tracking Permissions Required Vendor Advisory
https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39	Exploit Third Party Advisory
https://security.gentoo.org/glsa/201810-01	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-15/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-16/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-17/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-18/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2018-19/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:45

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/104560 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/104560 - Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1041193 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1041193 - Third Party Advisory, VDB Entry
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1468217 - Issue Tracking, Permissions Required, Vendor Advisory~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1468217 - Issue Tracking, Permissions Required, Vendor Advisory
References	~~() https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39 - Exploit, Third Party Advisory~~	() https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39 - Exploit, Third Party Advisory
References	~~() https://security.gentoo.org/glsa/201810-01 - Third Party Advisory~~	() https://security.gentoo.org/glsa/201810-01 - Third Party Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2018-15/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2018-15/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2018-16/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2018-16/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2018-17/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2018-17/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2018-18/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2018-18/ - Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2018-19/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2018-19/ - Vendor Advisory

Information

Published : 2018-10-18 13:29

Updated : 2024-11-21 03:45

NVD link : CVE-2018-12368

Mitre link : CVE-2018-12368

CVE.ORG link : CVE-2018-12368

JSON object : View

Products Affected

microsoft

windows_10

mozilla

firefox_esr
thunderbird
firefox

CWE

NVD-CWE-noinfo

{"id": "CVE-2018-12368", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2018-10-18T13:29:03.307", "references": [{"url": "http://www.securityfocus.com/bid/104560", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1041193", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1468217", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39", "tags": ["Exploit", "Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/201810-01", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.securityfocus.com/bid/104560", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1041193", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1468217", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201810-01", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the \"Mark of the Web.\" Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."}, {"lang": "es", "value": "Windows 10 no advierte a los usuarios antes de abrir archivos ejecutables con la extensi\u00f3n SettingContent-ms incluso aunque hayan sido descargados de Internet y tengan la \"marca de la web\". Sin la advertencia, los usuarios incautos que no est\u00e1n familiarizados con este nuevo tipo de archivo podr\u00edan ejecutar un archivo no deseado. Esto tambi\u00e9n permite que una WebExtension con el permiso limitado downloads.open ejecute c\u00f3digo arbitrario sin interacci\u00f3n del usuario en sistemas Windows 10. Nota: este problema solo afecta a sistemas operativos Windows. Otros sistemas operativos no se han visto afectados *. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 60 y la 52.9, Firefox ESR en versiones anteriores a la 60.1 y la 52.9 y Firefox en versiones anteriores a la 61."}], "lastModified": "2024-11-21T03:45:04.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F47E7EA-86AF-46A8-8E17-3360A8AE8492", "versionEndExcluding": "61.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3B8C21C-B987-4585-BE32-7D9CB9FC1C24", "versionEndExcluding": "60.1.0", "versionStartIncluding": "53.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C8C7E3-CDC4-4C30-A98D-CC55BF72A404", "versionEndExcluding": "52.9"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8131415-A73C-42F1-BB3E-E5F09CDD7FC4", "versionEndExcluding": "52.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@mozilla.org"}

8.1 /10