BID:104586

Microsoft Internet Explorer CVE-2018-8118 Remote Code Execution Vulnerability

Info

Microsoft Internet Explorer CVE-2018-8118 Remote Code Execution Vulnerability

Bugtraq ID:	104586
Class:	Design Error
CVE:	CVE-2018-8118
Remote:	Yes
Local:	No
Published:	Apr 06 2018 12:00AM
Updated:	Apr 06 2018 12:00AM
Credit:	Scott Bell of Security-Assessment.com
Vulnerable:	Microsoft Internet Explorer 11 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1709 for 32-bit Systems 0 + Microsoft Windows 10 version 1709 for 32-bit Systems 0 + Microsoft Windows 10 version 1709 for x64-based Systems 0 + Microsoft Windows 10 version 1709 for x64-based Systems 0 + Microsoft Windows 10 Version 1803 for 32-bit Systems 0 + Microsoft Windows 10 Version 1803 for x64-based Systems 0 + Microsoft Windows 7 for 32-bit Systems SP1 + Microsoft Windows 7 for 32-bit Systems SP1 + Microsoft Windows 7 for 32-bit Systems SP1 + Microsoft Windows 7 for 32-bit Systems SP1 + Microsoft Windows 7 for 32-bit Systems SP1 + Microsoft Windows 7 for x64-based Systems SP1 + Microsoft Windows 7 for x64-based Systems SP1 + Microsoft Windows 7 for x64-based Systems SP1 + Microsoft Windows 7 for x64-based Systems SP1 + Microsoft Windows 7 for x64-based Systems SP1 + Microsoft Windows 8.1 for 32-bit Systems 0 + Microsoft Windows 8.1 for 32-bit Systems 0 + Microsoft Windows 8.1 for 32-bit Systems 0 + Microsoft Windows 8.1 for 32-bit Systems 0 + Microsoft Windows 8.1 for 32-bit Systems 0 + Microsoft Windows 8.1 for x64-based Systems 0 + Microsoft Windows 8.1 for x64-based Systems 0 + Microsoft Windows 8.1 for x64-based Systems 0 + Microsoft Windows 8.1 for x64-based Systems 0 + Microsoft Windows 8.1 for x64-based Systems 0 + Microsoft Windows Rt 8.1 - + Microsoft Windows Rt 8.1 - + Microsoft Windows Rt 8.1 - + Microsoft Windows Rt 8.1 - + Microsoft Windows Rt 8.1 - + Microsoft Windows Server 2016 + Microsoft Windows Server 2016 + Microsoft Windows Server 2016 + Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2 + Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2 + Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2 + Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2 + Microsoft Windows Server 2008 R2 for x64-based Systems SP1 + Microsoft Windows Server 2008 R2 for x64-based Systems SP1 + Microsoft Windows Server 2008 R2 for x64-based Systems SP1 + Microsoft Windows Server 2008 R2 for x64-based Systems SP1 + Microsoft Windows Server 2008 R2 for x64-based Systems SP1 + Microsoft Windows Server 2012 R2 0 + Microsoft Windows Server 2012 R2 0 + Microsoft Windows Server 2012 R2 0 + Microsoft Windows Server 2012 R2 0 + Microsoft Windows Server 2012 R2 0 Microsoft Internet Explorer 10 + Microsoft Windows 7 for 32-bit Systems SP1 + Microsoft Windows 7 for 32-bit Systems SP1 + Microsoft Windows 7 for x64-based Systems SP1 + Microsoft Windows 7 for x64-based Systems SP1 + Microsoft Windows 8 for 32-bit Systems 0 + Microsoft Windows 8 for 32-bit Systems 0 + Microsoft Windows 8 for x64-based Systems 0 + Microsoft Windows 8 for x64-based Systems 0 + Microsoft Windows RT 0 + Microsoft Windows RT 0 + Microsoft Windows Server 2008 R2 for x64-based Systems SP1 + Microsoft Windows Server 2008 R2 for x64-based Systems SP1 + Microsoft Windows Server 2012 0 + Microsoft Windows Server 2012 0 + Microsoft Windows Server 2012 0

Not Vulnerable:

Discussion

Microsoft Internet Explorer CVE-2018-8118 Remote Code Execution Vulnerability

Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

An attacker can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts may result in a denial of service condition.

Internet Explorer 10, and 11 are vulnerable.

Solution / Fix

Microsoft Internet Explorer CVE-2018-8118 Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Microsoft Internet Explorer CVE-2018-8118 Remote Code Execution Vulnerability

References:

Microsoft Homepage (Microsoft)
Microsoft Internet Explorer Homepage (Microsoft)
CVE-2018-8118 | Internet Explorer Memory Corruption Vulnerability (Microsoft)