Internet Explorer CVE-2018-8118 – Remote Code Execution

Authors:Scott Bell            Risk:Critical

CVE:CVE-2018-8118            0day:Remote Code Execution

0day-id:0DAY-8118             Date:2018-04-20

Summary

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka “Internet Explorer Memory Corruption Vulnerability.” This affects Internet Explorer 11, Internet Explorer 10.

Exploitability Assessment

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Publicly Disclosed Exploited Latest Software Release Older Software Release Denial of Service
No No 1 – Exploitation More Likely 1 – Exploitation More Likely Not Applicable

Affected Products

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

Product
Platform
Article
Download
Impact
Severity
Supersedence
Internet Explorer 10 Windows Server 2012 4088877 Monthly Rollup Remote Code Execution Low 4074593
4089187 IE Cumulative
Internet Explorer 11 Windows 10 Version 1607 for x64-based Systems 4088787 Security Update Remote Code Execution Important 4074590
Internet Explorer 11 Windows 10 Version 1709 for 32-bit Systems 4088776 Security Update Remote Code Execution Important 4074588
Internet Explorer 11 Windows 10 Version 1709 for 64-based Systems 4088776 Security Update Remote Code Execution Important 4074588
Internet Explorer 11 Windows 10 for 32-bit Systems 4088786 Security Update Remote Code Execution Important 4074596
Internet Explorer 11 Windows 10 for x64-based Systems 4088786 Security Update Remote Code Execution Important 4074596
Internet Explorer 11 Windows 10 Version 1511 for 32-bit Systems 4088779 Security Update Remote Code Execution Important 4074591
Internet Explorer 11 Windows 10 Version 1511 for x64-based Systems 4088779 Security Update Remote Code Execution Important 4074591
Internet Explorer 11 Windows 10 Version 1607 for 32-bit Systems 4088787 Security Update Remote Code Execution Important 4074590
Internet Explorer 11 Windows 10 Version 1703 for x64-based Systems 4088782 Security Update Remote Code Execution Important 4074592
Internet Explorer 11 Windows Server 2016 4088787 Security Update Remote Code Execution Low 4074590
Internet Explorer 11 Windows 7 for 32-bit Systems Service Pack 1 4088875 Monthly Rollup Remote Code Execution Important 4074598
4089187 IE Cumulative
Internet Explorer 11 Windows 7 for x64-based Systems Service Pack 1 4088875 Monthly Rollup Remote Code Execution Important 4074598
4089187 IE Cumulative
Internet Explorer 11 Windows 8.1 for 32-bit systems 4088876 Monthly Rollup Remote Code Execution Important 4074594
4089187 IE Cumulative
Internet Explorer 11 Windows 8.1 for x64-based systems 4088876 Monthly Rollup Remote Code Execution Important 4074594
4089187 IE Cumulative
Internet Explorer 11 Windows RT 8.1 4088876 Monthly Rollup  Remote Code Execution Important 4074594
Internet Explorer 11 Windows Server 2008 R2 for x64-based Systems Service Pack 1 4088875 Monthly Rollup Remote Code Execution Low 4074598
4089187 IE Cumulative
Internet Explorer 11 Windows 10 Version 1703 for 32-bit Systems 4088782 Security Update Remote Code Execution Important 4074592
Internet Explorer 11 Windows Server 2012 R2 4088876 Monthly Rollup Remote Code Execution Low 4074594
4089187 IE Cumulative

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

 

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

 

Acknowledgements

Scott Bell of Security-Assessment.com

Leave a Reply