CVE-2018-8174

Published: 9 May 2018 Updated: 24 August 2020
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 682
CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
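As a check on the numbers above, the following is an added example (not Vulmon's code) that recomputes the CVSS v2 base, impact and exploitability scores from the vector printed on this page using the public CVSS v2.0 base-score equations; the metric weights are the published v2.0 constants, and the one vector taken from the page is the only input that is not an assumption.

```python
"""Recompute CVSS v2 base, impact and exploitability from a base vector.

Added example; not Vulmon's code. The weights and equations are the public
CVSS v2.0 base-score definitions, so the result can be checked against the
numbers printed on this page for CVE-2018-8174.
"""
import math

ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT_WEIGHT = {"N": 0.0, "P": 0.275, "C": 0.660}  # shared by C, I and A


def round_to_1_decimal(x: float) -> float:
    # CVSS v2 rounds half up; Python's round() uses banker's rounding.
    return math.floor(x * 10 + 0.5) / 10


def parse_vector(vector: str) -> dict:
    """Split 'AV:N/AC:H/Au:N/C:C/I:C/A:C' into metric -> value and reject
    anything that is not a complete v2 base vector (a v3 vector carries
    PR/UI/S metrics and a 'CVSS:3.x' prefix, so it is refused here)."""
    try:
        metrics = dict(part.split(":", 1) for part in vector.strip().split("/"))
    except ValueError:
        raise ValueError(f"malformed vector: {vector!r}") from None
    if set(metrics) != {"AV", "AC", "Au", "C", "I", "A"}:
        raise ValueError(f"not a CVSS v2 base vector: {vector!r}")
    return metrics


def cvss2_scores(vector: str) -> dict:
    """Base, impact and exploitability sub-scores, each rounded to 1 decimal."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - IMPACT_WEIGHT[m["C"]])
                        * (1 - IMPACT_WEIGHT[m["I"]])
                        * (1 - IMPACT_WEIGHT[m["A"]]))
    exploitability = (20 * ACCESS_VECTOR[m["AV"]]
                      * ACCESS_COMPLEXITY[m["AC"]]
                      * AUTHENTICATION[m["Au"]])
    f_impact = 0.0 if impact == 0 else 1.176
    base = ((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact
    return {
        "base": round_to_1_decimal(base),
        "impact": round_to_1_decimal(impact),
        "exploitability": round_to_1_decimal(exploitability),
    }


# The vector and scores as printed on this page for CVE-2018-8174.
PAGE_VECTOR = "AV:N/AC:H/Au:N/C:C/I:C/A:C"
PAGE_SCORES = {"base": 7.6, "impact": 10.0, "exploitability": 4.9}


def page_scores_consistent() -> bool:
    """True when the page's vector reproduces the page's printed v2 numbers."""
    return cvss2_scores(PAGE_VECTOR) == PAGE_SCORES


if __name__ == "__main__":
    print(cvss2_scores(PAGE_VECTOR), page_scores_consistent())
```

The high access complexity (AC:H, weight 0.35) is what pulls the exploitability sub-score down to 4.9 and the base to 7.6; the same vector with AC:L scores a flat 10.0, which is worth knowing when comparing this entry against aggregators that report only the v3 figure.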

Vulnerability Summary

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. The underlying bug is a use-after-free in the VBScript engine (see the analyses below); it was found being exploited as a zero-day in April 2018, and it is reachable not only from Internet Explorer but from any application that loads the IE scripting engine to render HTML, which is why the Word/WordPad RTF modules listed below work and why restricting VBScript in the IE security zones reduces exposure on hosts that cannot be patched immediately.

Vulnerable Products

Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows 10 (no version given; 1607; 1703; 1709; 1803)
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 (no version given; 1709; 1803)

Github Repositories

MSRC API for python

MSRC (Microsoft Security Response Center) API for python
Installation: pip install msrc
Requirements: requests
CLI usage:
  # Search with CVE
  python msrc.py CVE-2018-8174
  # Search with KB
  python msrc.py KB5014699
API usage:
  from msrc import MSRC
  from msrc import CVRF
  client = MSRC()
  cvrf: CVRF = client

Exp: exploit collection area. Information disclosure: SVN github.com/anantshri/svn-extractor; GIT github.com/lijiejie/GitHack; BBScan github.com/lijiejie/BBScan. Android online scanning: www.appscan.io/. Security testing books: wizardforcel.gitbooks.io/web-hacking-101/content/ (Web Hacking 101, Chinese edition); wizardforcel.gitbooks.io/asani/content/ (浅入浅出Andro

Scripts for disassembling VBScript p-code in memory to aid in exploit analysis

VBscriptInternals
Author: Boris Larin
This repository contains scripts for disassembling VBScript p-code in memory to aid in exploit analysis: securelist.com/delving-deep-into-vbscript-analysis-of-cve-2018-8174-exploitation/86333/
Contents:
  kl_vbs_disasm_ida.py - script for IDA Pro
  kl_vbs_disasm_windbg.py - script for WinDbg with the PyKD extension
Usage: set breakpoint

CVE-2018-8174_python

CVE-2018-8174_EXP

usage: CVE-2018-8174.py [-h] -u URL -o OUTPUT [-i IP] [-p PORT]

Exploit for CVE-2018-8174

optional arguments:
  -h, --help                  show this help message and exit
  -u URL, --url URL           exp url
  -o OUTPUT, --output OUTPUT  output exploit rtf
  -i IP, --ip IP              ip for netcat
  -p PORT, --port PORT        port for netcat

eg: python CVE-2018-8174.py -u 1111/e

All in 1 phishing framework

TigerShark s1l3nt78 The Dead Bunny Collective Because phishing is a great way to pass the time Phishing Kit TigerShark incorporates various different phishing tools, frameworks, domain gathering/generation tools and mail spammers to create a fully customizable Phishing Kit This kit allows you to create small to large phishing campaigns, with customizable payloads, in

CVE-2018-8174-msf This is a metasploit module which creates a malicious word document to exploit CVE-2018-8174 - VBScript memory corruption vulnerability This module is a very quick port and uses the exploit sample that was found in the wild The exploit works only for Microsoft Office 32-bit There are a lot of things that need to get better at this module but I will update i

Analysis of VBS exploit CVE-2018-8174

Dissecting modern browser exploit: case study of CVE-2018-8174. Overview: When this exploit first emerged at the turn of April and May it piqued my interest, since despite heavy obfuscation, the code structure seemed well organized and the vulnerability exploitation code small enough to make analysis simpler. I downloaded the PoC from GitHub and decided it would be a good candidate f

panopticon-DarkHotel
www.darkreading.com/attacks-breaches/konni-malware-campaign-targets-north-korean-organizations/d/d-id/1329591
www.zdnet.com/article/hackers-are-now-using-the-exploit-behind-wannacry-to-snoop-on-hotel-wi-fi/ (towards the end)
www.wired.com/2014/11/darkhotel-malware/
www.securityweek.com/north-korean-hackers-exploit-recently-patch

MS Word MS WordPad via IE VBS Engine RCE

CVE-2018-8174 MS Word / MS WordPad via IE VBS Engine RCE. MS Word and MS WordPad RCE via the IE VBScript RCE: github.com/smgorelik/Windows-RCE-exploits/tree/master/Web/VBScript. Save index.html to a web server, then use the Python script to generate the RTF exploit. The shellcode is static: it downloads and executes Putty.exe from PuTTY's main website; check index.html for the shellcode.

Rig Exploit for CVE-2018-8174 As with its previous campaigns, Rig’s Seamless campaign uses malvertising. In this case, the malvertisements have a hidden iframe that redirects victims to Rig’s landing page, which includes an exploit for CVE-2018-8174 and shellcode. This enables remote code execution of the shellcode obfuscated in the landing page…

Windows VBScript Use-After-Free Vulnerability and Exploit Kit Analysis CVE-2018-8174

A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.

yara-rules: A collection of YARA rules from the folks at InQuest that we wish to share with the world. These rules should not be considered production appropriate; rather, they are valuable for research and hunting purposes. See also: github.com/InQuest/yara-rules-vt 📖, github.com/InQuest/awesome-yara 🏆🥇, labs.inquest.net 🥼🔬🧪, yaramatec
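The Rig landing page (a hidden iframe plus obfuscated shellcode), the VBScript use-after-free pattern that the analyses listed here describe, and the InQuest hunting rules all point at the same kind of check. The following is an added example, not code from any repository listed on this page: a Python triage scorer that flags HTML pages and RTF carriers showing those indicators. The indicator list, weights and threshold are assumptions for triage rather than a signature of any real sample, and the three inputs are constructed fixtures whose VBScript has only the syntactic shape of the trigger and does nothing.

```python
"""Triage scorer for CVE-2018-8174-style delivery pages and RTF carriers.

Added example, not code from any repository listed on this page. Indicators
are drawn from the public descriptions above: a VBScript block; a class with
a Class_Terminate handler plus Erase/ReDim on an array of class instances
(the shape of the use-after-free trigger); an unescape("%u....") shellcode
blob; a hidden iframe like the one Rig's Seamless campaign used; and an RTF
wrapping an embedded OLE object (how the Word/WordPad exploits carry the
page). Weights, threshold and fixtures are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List


@dataclass
class Verdict:
    score: int
    hits: List[str] = field(default_factory=list)
    suspicious: bool = False


# (name, pattern, weight). Weights are an assumption; tune on your own corpus.
INDICATORS = [
    ("vbscript_block",
     re.compile(r'<script\b[^>]*(?:language|type)\s*=\s*["\']?(?:text/)?vbscript', re.I), 2),
    ("class_terminate", re.compile(r'\bSub\s+Class_Terminate\b', re.I), 3),
    ("erase_or_redim", re.compile(r'\b(?:Erase\s+\w+|ReDim\s+Preserve)\b', re.I), 2),
    ("array_of_class_instances",
     re.compile(r'\bSet\s+\w+\s*\(\s*\d+\s*\)\s*=\s*New\s+\w+', re.I), 2),
    ("unescape_shellcode",
     re.compile(r'unescape\s*\(\s*"(?:%u[0-9a-f]{4}){8,}', re.I), 3),
    ("hidden_iframe",
     re.compile(r'<iframe\b[^>]*(?:width\s*=\s*["\']?0\b|height\s*=\s*["\']?0\b'
                r'|display\s*:\s*none|visibility\s*:\s*hidden)', re.I), 2),
    ("rtf_embedded_object",
     re.compile(r'^\{\\rtf1.*\\object\b.*\\objdata\b', re.I | re.S), 2),
]

THRESHOLD = 5  # assumption: one or two weak indicators alone do not flag a page


def scan(text: str) -> Verdict:
    """Return every indicator that fires on `text` and the summed weight."""
    verdict = Verdict(score=0)
    for name, pattern, weight in INDICATORS:
        if pattern.search(text):
            verdict.hits.append(name)
            verdict.score += weight
    verdict.suspicious = verdict.score >= THRESHOLD
    return verdict


OBJDATA = re.compile(r'\\objdata\s*([0-9a-f\s]+)', re.I)


def extract_objdata(rtf: str) -> bytes:
    """Decode the hex \\objdata stream of the first embedded object so the OLE
    payload can be scanned on its own; b"" when the text carries none."""
    match = OBJDATA.search(rtf)
    if not match:
        return b""
    return bytes.fromhex("".join(match.group(1).split()))


# Constructed fixtures (not real samples); the VBScript has only the
# syntactic shape of the trigger and does nothing when run.
BENIGN_HTML = """<html><body>
<script language="VBScript">
Sub Greet()
  MsgBox "hello"
End Sub
</script>
<iframe src="https://example.invalid/widget" width="300" height="200"></iframe>
</body></html>"""

LANDING_PAGE = """<html><body>
<iframe src="https://example.invalid/gate" width="0" height="0"></iframe>
<script language="VBScript">
Class Cls1
  Sub Class_Terminate()
  End Sub
End Class
Dim arr(1)
Set arr(1) = New Cls1
Erase arr
sc = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090")
</script>
</body></html>"""

RTF_CARRIER = r"{\rtf1\ansi{\object\objemb{\*\objdata 0105000002000000}}}"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_HTML), ("landing", LANDING_PAGE),
                          ("rtf", RTF_CARRIER)):
        print(label, scan(sample))
    print(extract_objdata(RTF_CARRIER).hex())
```

Run as a script it prints a verdict for each fixture. In practice you would feed it pages pulled from proxy logs or mail attachments, pass the bytes returned by extract_objdata to a separate OLE scanner, and tune the weights against your own benign corpus: a VBScript block on its own is common on old intranet pages, which is why it scores below the threshold alone, while the Class_Terminate plus Erase combination on an array of class instances is the part worth a closer look.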

This project exists only to record topics shared within the team and some major events, documenting the team's growth.

红日安全 (Hongri Security) - Growth Diary. This project exists only to record topics shared within the team and some major events, documenting the team's growth. 31 March 2019: Group / Topic / Presenter. Tools group: Dissecting zmap's core techniques, 陈平 (Chen Ping). Enterprise security group: GeeTest business salon talk: risk-control scenarios and pitfall notes for small and medium internet companies, RiCky. SRC group: A beginner's road to scanners: fingerprinting, 瓜子 (Guazi)

Vulnerability reproduction, tool testing, technical practice

Paper: a little of my own accumulated work; currently contains: Tool testing; SQL injection practice notes; APK backdoor testing; mimikatz - a tool for dumping passwords on Windows; Reproduction of some vulnerabilities: CVE-2018-8174, Drupal vulnerability, kindeditor <= 4.1.5 file upload vulnerability, Redis unauthorized access; Incident response: incident response - technical, incident response - process management; Introduction to basic Linux commands; Windows - enable RDP - firewa

Test scripts for remote loading during security testing, plus helper tools used online

Welcome to 14u9h Test_script/. You are visiting 14u9h's directory of remote-loading test files. This is a personal project: HTML/JS/CSS and other script files that need to sit on a server get dropped in here so they can be pulled in at any time during day-to-day testing. Who am I? I am a network security practitioner, Ummmmm, web security, app security, occasionally submitting a vulnerability on a bug bounty platform; actually, who I am is not that important, not

Exploit Generator for CVE-2018-8174 & CVE-2019-0768 (RCE via VBScript Execution in IE11)

IE11 VBScript Exploit
Exploit Generator for CVE-2018-8174 & CVE-2019-0768 (RCE via VBScript Execution in IE11)
Prerequisite: Metasploit (msfvenom)
Usage: python ie11_vbscript.py [Listener IP] [Listener Port]
Instructions: use this script to generate "exploit.html"; host the HTML file on your server; set up a handler with windows/meterpreter/reverse_tcp in Metasploit

Recent Articles

IT threat evolution Q2 2020
Securelist • David Emm • 03 Sep 2020

In April, we reported the results of our investigation into a mobile spyware campaign that we call ‘PhantomLance’. The campaign involved a backdoor Trojan that the attackers distributed via dozens of apps in Google Play and elsewhere. Dr Web first reported the malware in July 2019, but we decided to investigate because the Trojan was more sophisticated than most malware for stealing money or displaying ...

Magnitude exploit kit – evolution
Securelist • Boris Larin • 24 Jun 2020

Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Flash because it’s just a plugin for a web browser, meaning that even if the user has an up-to-date browser, there’s a non-zero chance that Adobe Flash may still be vulnerable to 1-day exploits. Now tha...

Kaspersky updates its cybercrook look book: Smashing Office is hot, browser vulns are not
The Register • Gareth Corfield • 16 Apr 2019

Over two-thirds of attacks Russian biz spied targeted venerable Microsoft suite

Russian security biz Kaspersky Lab has said more than 70 per cent of malware attacks it detected last year were made against everyone's favourite Microsoft suite – Office. "In the past few months, MS Office... became the most targeted platform," the firm said in a blog post. It produced a graph showing that between Q4 2016 and Q4 2018, Office-targeting attacks rose from 16 per cent of total Kaspersky detections to more than two-thirds. The outfit also reported a switch away from ne'er-do-wells...

Guess who's addicted to GitHub, busy on Slack, stuck in 2015? No, not another hipster: It's the Slub backdoor malware
The Register • Shaun Nichols in San Francisco • 08 Mar 2019

Panic, flee, cry – or just update Windows for fsck's sake

A new malware strain tapped into GitHub posts and Slack channels to siphon precious data from infected Windows PCs, it is claimed. Researchers at Trend Micro have dubbed the malware "Slub", a mash-up of the names of the two services the software nasty apparently used to obtain instructions from its masterminds and exfiltrate information from hijacked computers. Trend's virus-hunters said they spotted at the end of last month Slub lurking on a compromised "watering hole," which is a website frequ...

Kaspersky Security Bulletin 2018. Top security stories
Securelist • David Emm Victor Chebyshev • 03 Dec 2018

The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The dependence on technology of governments, businesses and consumers provides a broad attack surface for attackers with all kinds of motives – financial theft, theft of data, disruption, damage, reputational damage or simply ‘for the lulz’. The result is a threat landscape that ranges from highly sophisticated targeted...

IT threat evolution Q2 2018
Securelist • David Emm • 06 Aug 2018

In April, we reported the workings of Operation Parliament, a cyber-espionage campaign aimed at high-profile legislative, executive and judicial organizations around the world – with its main focus in the MENA (Middle East and North Africa) region, especially Palestine. The attacks, which started early in 2017, target parliaments, senates, top state offices and officials, political science scholars, military and intelligence agencies, ministries, media outlets, research centers, election commi...

IT threat evolution Q2 2018. Statistics
Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Alexander Liskin Oleg Kupreev • 06 Aug 2018

According to KSN: In Q2 2018, Kaspersky Lab detected 1,744,244 malicious installation packages, which is 421,666 packages more than in the previous quarter. Among all the threats detected in Q2 2018, the lion’s share belonged to potentially unwanted RiskTool apps (55.3%); compared to the previous quarter, their share rose by 6 p.p. Members of the RiskTool.AndroidOS.SMSreg family contributed most to this indicator. Second place was taken by Trojan-Dropper threats (13%), whose share fell by 7 p....

If at first you, er, make things worse, you're probably Microsoft: Bug patch needed patching
The Register • Shaun Nichols in San Francisco • 23 Jul 2018

VBScript hole 'fixed' in May actually left open for months

A remote code execution vulnerability in the Windows VBScript engine was left open for exploitation for two months after it was supposedly patched. In fact, the fix made things even worse by introducing another remotely exploitable bug in VBScript. This is all according to researchers at Qihoo 360, who today claimed a security hole in the scripting engine was only partially resolved in Redmond's May Patch Tuesday, and was only permanently patched in this month's batch of fixes. Designated CVE-20...

APT Trends Report Q2 2018
Securelist • GReAT • 10 Jul 2018

In the second quarter of 2017, Kaspersky Lab’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports, in an effort to make the public aware of the research we have been conducting. This report serves as the latest installment, focusing on the relevant activities that we observed during Q2 2018. These summaries are a representative snapshot of what has been discussed in greater detail in our private reports. They aim to highl...

Delving deep into VBScript
Securelist • Boris Larin • 03 Jul 2018

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that was picked up by our sandbox. The vulnerability uses a well-known technique from the proof-of-concept exploit CVE-2014-6332 that essentially “corrupts” two memory objects and changes the type of one object to Array (for read/write access to the address space) and the other object to Integer to fetch the address of an arbitrary object. But whereas CVE-2014-6332 was aimed at...

The King is dead. Long live the King!
Securelist • Vladislav Stolyarov Boris Larin Anton Ivanov • 09 May 2018

In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174. Our story begins on VirusTotal (VT), where someone uploaded an interesting exploit on April 18, 2018. This exploit was detected by sever...

It's 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V
The Register • Chris Williams, Editor in Chief • 09 May 2018

Scores of bugs, from Edge and Office to kernel code to Adobe Flash, need fixing ASAP

Patch Tuesday Microsoft and Adobe have patched a bunch of security bugs in their products that can be exploited by hackers to commandeer vulnerable computers, siphon people's personal information, and so on. Redmond emitted 68 patches alone, 21 rated critical and at least two being actively exploited in the wild. There are browser and kernel patches you should look into first, check out an Office 365 email filter bypass that isn't addressed, then Hyper-V if you're using that, and then the rest. ...