Vulnerability Details : CVE-2018-8174
Public exploit exists!
Used for ransomware!
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Vulnerability category: Execute code
Products affected by CVE-2018-8174
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*
CVE-2018-8174 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name: Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-8174
Added on: 2022-02-15
Action due date: 2022-08-15
Exploit prediction scoring system (EPSS) score for CVE-2018-8174
EPSS score: 94.28% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-8174
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C | 4.9 | 10.0 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-07 |
7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 | NIST | 2025-04-08 |
CWE ids for CVE-2018-8174
- The product writes data past the end, or before the beginning, of the intended buffer.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2018-8174
- https://blog.0patch.com/2018/05/a-single-instruction-micropatch-for.html
  0patch Blog: Windows Updates Broke Your Networking? Free Micropatches To The Rescue (CVE-2018-8174)
  Tags: Exploit; Technical Description; Third Party Advisory
- http://www.securityfocus.com/bid/103998
  Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
  Tags: Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/44741/
  Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution
  Tags: Exploit; Third Party Advisory; VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174
  CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability
  Tags: Patch; Vendor Advisory