{"id":12253,"date":"2018-05-10T04:20:06","date_gmt":"2018-05-10T12:20:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/05\/10\/news-6022\/"},"modified":"2018-05-10T04:20:06","modified_gmt":"2018-05-10T12:20:06","slug":"news-6022","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/05\/10\/news-6022\/","title":{"rendered":"CVE-2018-8174 : Windows VBScript Engine Remote Code Execution Vulnerability &#8211; An advisory by Quick Heal Security Labs"},"content":{"rendered":"<p><strong>Credit to Author: Prashant Kadam| Date: Thu, 10 May 2018 11:50:17 +0000<\/strong><\/p>\n<p>The recent zero-day vulnerability in the Windows VBScript Engine (CVE-2018-8174) enables attackers to perform remote code execution on targeted machines. Microsoft released security advisory CVE-2018-8174 on May 8, 2018, to address this issue. According to Microsoft, it impacts most Windows operating systems.<\/p>\n<p><strong>Vulnerable versions<\/strong><\/p>\n<p>Windows 7 x86 and x64 versions<br \/>Windows Server 2012 R2<br \/>Windows RT 8.1<br \/>Windows Server 2008<br \/>Windows Server 2012<br \/>Windows 8.1<br \/>Windows Server 2016<br \/>Windows Server 2008 R2<br \/>Windows 10<br \/>Windows 10 Servers<\/p>\n<p><strong>About the vulnerability<\/strong><\/p>\n<p>This is a use-after-free vulnerability in the VBScript Engine that allows attackers to perform remote code execution on targeted machines. After successful exploitation, attackers can take control of vulnerable systems and download and execute malware on them. The vulnerability is currently being exploited in the wild through a malicious Office document, which is a Microsoft Office\/WordPad exploit (CVE-2017-0199). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
<\/p>\n<p><strong>Quick Heal detection<\/strong><\/p>\n<p>Quick Heal\u2019s generic detection &#8216;Exp.RTF.CVE-2017-0199.AO&#8217; for the Microsoft Office\/WordPad exploit (CVE-2017-0199), released on December 12, 2017, detects the initial attack vector observed in the wild. Quick Heal\/Seqrite has released the following detections for the vulnerability CVE-2018-8174:<br \/>Exp.IE.CVE-2018-8174<br \/>HTTP\/CVE-2018-8174.IE<\/p>\n<p>Quick Heal Security Labs is actively looking for new in-the-wild exploits for this vulnerability and ensuring coverage for them.<\/p>\n<p><strong>References<\/strong><\/p>\n<p>https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-8174<br \/>http:\/\/blogs.360.cn\/blog\/cve-2018-8174-en\/<\/p>\n<p>The post CVE-2018-8174 : Windows VBScript Engine Remote Code Execution Vulnerability &#8211; An advisory by Quick Heal Security Labs appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice.<br \/><a href=\"http:\/\/blogs.quickheal.com\/cve-2018-8174-windows-vbscript-engine-remote-code-execution-vulnerability-advisory-quick-heal-security-labs\/\" target=\"bwo\" >http:\/\/blogs.quickheal.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Prashant Kadam| Date: Thu, 10 May 2018 11:50:17 +0000<\/strong><\/p>\n<p>The recent zero-day vulnerability in the Windows VBScript Engine (CVE-2018-8174) enables attackers to perform remote code execution on targeted machines. Microsoft released security advisory CVE-2018-8174 on May 8, 2018, to address this issue. According to Microsoft, it impacts most Windows operating systems. 
Vulnerable versions Windows 7 x86 and x64 versions Windows&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10459,10378],"tags":[18334,11638,10829,3495,18364,10596,18365,10467],"class_list":["post-12253","post","type-post","status-publish","format-standard","hentry","category-quickheal","category-security","tag-cve-2018-8174","tag-exploit","tag-internet-explorer","tag-microsoft-windows","tag-rce","tag-security-patch","tag-vbscript","tag-vulnerability"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12253","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12253"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12253\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12253"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12253"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12253"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}