CVE-2018-0824

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
-
microsoftwindows_10_1607
-
microsoftwindows_10_1703
-
microsoftwindows_10_1709
-
microsoftwindows_10_1803
-
microsoftwindows_7
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_1709
-
microsoftwindows_server_1803
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
microsoftwindows_7
𝑥
≤ *
ADP
microsoftwindows_8.1
𝑥
≤ *
ADP
microsoftwindows_rt_8.1
𝑥
≤ *
ADP
microsoftwindows_server_2012
𝑥
≤ *
ADP
microsoftwindows_10
𝑥
≤ *
ADP
microsoftwindows_server_2016
𝑥
≤ *
ADP
microsoftwindows_server_2008
𝑥
≤ *
ADP
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4103716
1607 (x64, x86)
KB4103723
1703 (x64, x86)
KB4103731
1709 (x64, x86)
KB4103727
1803 (x64, x86)
KB4103721
Windows 7
Service Pack 1 (x64, x86)
KB4103718
Windows 8.1
(x64, x86)
KB4103725
Windows RT 8.1
All
KB4103725
Windows Server
1709 Server Core
KB4103727
1803 Server Core
KB4103721
Windows Server 2008
Service Pack 2 (x64, x86)
KB4101477
Service Pack 2 Server Core (x64, x86)
KB4101477
Windows Server 2008 R2
Service Pack 1 (x64)
KB4103718
Service Pack 1 Server Core (x64)
KB4103718
Windows Server 2012
Server Core
KB4103730
Standard
KB4103730
Windows Server 2012 R2
Server Core
KB4103725
Standard
KB4103725
Windows Server 2016
Server Core
KB4103723
Standard
KB4103723
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104030
http://www.securitytracker.com/id/1040848
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824
https://www.exploit-db.com/exploits/44906/
http://www.securityfocus.com/bid/104030
http://www.securitytracker.com/id/1040848
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824
https://www.exploit-db.com/exploits/44906/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0824