PT-2018-9089 · Microsoft · Com+10

Nicolas Joly

Publicado

2018-05-08

Atualizado

2025-10-28

CVE-2018-0824

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Microsoft COM for Windows versions prior to the fixed version

Description: A remote code execution issue exists in Microsoft COM for Windows when it fails to properly handle serialized objects. This allows remote attackers to execute arbitrary code and affect the system. The issue affects various Windows versions, including Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, and Windows 10 Servers.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

CVE-2018-0824

Produtos afetados

Com

Windows

Windows 10

Windows 7

Windows 8.1

Windows Rt 8.1

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

PT-2018-9089 · Microsoft · Com+10

CVE-2018-0824

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 24