CVE-2018-1004

Name of the Vulnerable Software and Affected Versions Windows 7 Windows Server 2012 R2 Internet Explorer 9 Windows RT 8.1 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10

Description A remote code execution issue exists due to the way the VBScript engine handles objects in memory. This could allow an attacker to execute arbitrary code in the context of the current user by corrupting memory. If the current user has administrative rights, an attacker could take control of the affected system, install programs, view or modify data, or create new accounts with full user rights. The vulnerability can be exploited through a specially crafted web page or document.

Recommendations For Windows 7, consider applying security updates to address the issue. For Windows Server 2012 R2, apply the latest security patches to mitigate the risk. For Internet Explorer 9, update to a newer version of Internet Explorer or apply relevant security updates. For Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, and Windows Server 2008 R2, ensure all security updates are installed to protect against this issue. For Windows 10, apply the latest Windows updates to resolve the vulnerability.