CVE-2018-8174

Known Exploited (CISA KEV)HIGH

7.5

CVSS Severity Score

EPSS Score96.0120%

EPSS Percentile86.95th

Published2018年5月9日

Last Modified2025年10月28日

Vulnerability Description

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Affected Platforms (CPE)

💻

Microsoft

Windows 10 1607

All versions

💻

Microsoft

Windows 10 1703

All versions

💻

Microsoft

Windows 10 1709

All versions

💻

Microsoft

Windows 10 1803

All versions

💻

Microsoft

Windows 7

All versions

💻

Microsoft

Windows 8.1

All versions

💻

Microsoft

Windows Rt 8.1

All versions

💻

Microsoft

Windows Server 2008

All versions

💻

Microsoft

Windows Server 2008

= r2

💻

Microsoft

Windows Server 2008

= r2

💻

Microsoft

Windows Server 2012

All versions

💻

Microsoft

Windows Server 2012

= r2

💻

Microsoft

Windows Server 2016

All versions

References & Advisories

🔗 http://www.securityfocus.com/bid/103998

🔗 https://blog.0patch.com/2018/05/a-single-instruction-micropatch-for.html

🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174

🔗 https://www.exploit-db.com/exploits/44741/

🔗 http://www.securityfocus.com/bid/103998

🔗 https://blog.0patch.com/2018/05/a-single-instruction-micropatch-for.html

🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174

🔗 https://www.exploit-db.com/exploits/44741/

Vulnerability Description

Affected Platforms (CPE)

Windows 10 1607

Windows 10 1703

Windows 10 1709

Windows 10 1803

Windows 7

Windows 8.1

Windows Rt 8.1

Windows Server 2008

Windows Server 2008

Windows Server 2008

Windows Server 2012

Windows Server 2012

Windows Server 2016

References & Advisories

関連する脆弱性情報