![]() (CVE-2018-0927, CVE-2018-0932) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2018-0881) - An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker could then install programs view, change, or delete data or create new accounts with full user rights. An attacker who successfully exploited this vulnerability could run arbitrary code in system mode. (CVE-2018-0883) - An elevation of privilege vulnerability exists in Windows when the Microsoft Video Control mishandles objects in memory. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. (CVE-2018-0929) - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2018-0878) - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities (XXE). Description The remote Windows host is missing security update 4088779. Synopsis The remote Windows host is affected by multiple vulnerabilities. Severity display preferences can be toggled in the settings dropdown. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. The calculated severity for Plugins has been updated to use CVSS v3 by default.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |