CVE-2018-8553

Опубликовано: 14 нояб. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Средний

Описание

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.

Ссылки

http://www.securityfocus.com/bid/105777
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042113
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8553
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105777
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042113
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8553
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.16422

Средний

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2018-8553

CVSS3: 7.4

msrc

больше 6 лет назад

Microsoft Graphics Components Remote Code Execution Vulnerability

GHSA-vgfv-j9wj-vx9r

CVSS3: 7.8

github

около 3 лет назад

BDU:2018-01393

CVSS3: 9.6

fstec