A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Published 2018-05-09 19:29:00
Updated 2024-08-08 14:50:32
View at NVD,   CVE.org
Vulnerability category: Execute code

CVE-2018-0824 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability
CISA required action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description:
Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.
Notes:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-0824; https://nvd.nist.gov/vuln/detail/CVE-2018-0824
Added on 2024-08-05 Action due date 2024-08-26

Exploit prediction scoring system (EPSS) score for CVE-2018-0824

97.00%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-0824

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.1
MEDIUM AV:N/AC:H/Au:N/C:P/I:P/A:P
4.9
6.4
NIST
7.5
HIGH CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1.6
5.9
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1.6
5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 2024-08-06
8.8
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.8
5.9
NIST 2024-08-08

CWE ids for CVE-2018-0824

  • The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
    Assigned by:
    • 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
    • nvd@nist.gov (Primary)

References for CVE-2018-0824

Products affected by CVE-2018-0824

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!