Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability

Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application.

Information

Bugtraq ID: 104407
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2018-8210

Remote: Yes
Local: No
Published: Jun 12 2018 12:00AM
Updated: Jun 18 2018 05:00AM
Credit: Marcin 'Icewall' Noga of Cisco Talos
Vulnerable: Microsoft Windows Server 2012 R2 0
Microsoft Windows Server 2012 0
Microsoft Windows Server 1803 0
Microsoft Windows Server 1709 0
Microsoft Windows Server 2016
Microsoft Windows RT 8.1
Microsoft Windows 8.1 for x64-based Systems 0
Microsoft Windows 8.1 for 32-bit Systems 0
Microsoft Windows 10 Version 1803 for x64-based Systems 0
Microsoft Windows 10 Version 1803 for 32-bit Systems 0
Microsoft Windows 10 version 1709 for x64-based Systems 0
Microsoft Windows 10 version 1709 for 32-bit Systems 0
Microsoft Windows 10 version 1703 for x64-based Systems 0
Microsoft Windows 10 version 1703 for 32-bit Systems 0
Microsoft Windows 10 Version 1607 for x64-based Systems 0
Microsoft Windows 10 Version 1607 for 32-bit Systems 0
Microsoft Windows 10 for x64-based Systems 0
Microsoft Windows 10 for 32-bit Systems 0
Microsoft wimgapi 10.0.16299.15

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• Microsoft Windows Homepage (Microsoft )
  
• CVE-2018-8210 | Windows Remote Code Execution Vulnerability (Microsoft)
  
• Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability (Cisco)
  
• Vulnerability Spotlight: TALOS-2018-0545 - Microsoft wimgapi LoadIntegrityInfo (Cisco)
  

Source: www.securityfocus.com