English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.814003
Category:Windows : Microsoft Bulletins
Title:Microsoft Windows Multiple Vulnerabilities (KB4457129)
Summary:This host is missing a critical security; update according to Microsoft KB4457129
Description:Summary:
This host is missing a critical security
update according to Microsoft KB4457129

Vulnerability Insight:
Multiple flaws exist due to:

- Denial of service vulnerability (named 'FragmentSmack').

- Windows bowser.sys kernel-mode driver fails to properly handle objects
in memory.

- Browser scripting engine improperly handle object types.

- Windows font library improperly handles specially crafted embedded fonts.

- SMB improperly handles specially crafted client requests.

- Microsoft JET Database Engine improperly handles objects in memory.

- Windows Kernel API improperly handles registry objects in memory.

- Windows kernel fails to properly initialize a memory address.

- Microsoft XML Core Services improperly MSXML parser processes user input.

- Windows GDI component improperly discloses the contents of its memory.

- Windows Graphics component improperly handles objects in memory.

- Hyper-V improperly validates guest operating system user input.

- Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

- Windows kernel improperly handles objects in memory.

- Microsoft Server Message Block 2.0 (SMBv2) server improperly handles certain
requests.

- Internet Explorer improperly accesses objects in memory.

- Scripting engine does not properly handle objects in memory in Microsoft browsers.

- Windows improperly parses files.

- Internet Explorer improperly handles script.

- Windows does not properly handle specially crafted image files.

Vulnerability Impact:
Successful exploitation will allow an attacker
to execute arbitrary code in the context of the current user, obtain information
to further compromise the user's system, gain elevated privileges on a targeted
system and also cause the affected system to crash.

Affected Software/OS:
- Microsoft Windows 8.1 for 32-bit/x64

- Microsoft Windows Server 2012 R2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-5391
BugTraq ID: 105108
http://www.securityfocus.com/bid/105108
CERT/CC vulnerability note: VU#641765
https://www.kb.cert.org/vuls/id/641765
Debian Security Information: DSA-4272 (Google Search)
https://www.debian.org/security/2018/dsa-4272
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
RedHat Security Advisories: RHSA-2018:2785
https://access.redhat.com/errata/RHSA-2018:2785
RedHat Security Advisories: RHSA-2018:2791
https://access.redhat.com/errata/RHSA-2018:2791
RedHat Security Advisories: RHSA-2018:2846
https://access.redhat.com/errata/RHSA-2018:2846
RedHat Security Advisories: RHSA-2018:2924
https://access.redhat.com/errata/RHSA-2018:2924
RedHat Security Advisories: RHSA-2018:2925
https://access.redhat.com/errata/RHSA-2018:2925
RedHat Security Advisories: RHSA-2018:2933
https://access.redhat.com/errata/RHSA-2018:2933
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
RedHat Security Advisories: RHSA-2018:3459
https://access.redhat.com/errata/RHSA-2018:3459
RedHat Security Advisories: RHSA-2018:3540
https://access.redhat.com/errata/RHSA-2018:3540
RedHat Security Advisories: RHSA-2018:3586
https://access.redhat.com/errata/RHSA-2018:3586
RedHat Security Advisories: RHSA-2018:3590
https://access.redhat.com/errata/RHSA-2018:3590
http://www.securitytracker.com/id/1041476
http://www.securitytracker.com/id/1041637
https://usn.ubuntu.com/3740-1/
https://usn.ubuntu.com/3740-2/
https://usn.ubuntu.com/3741-1/
https://usn.ubuntu.com/3741-2/
https://usn.ubuntu.com/3742-1/
https://usn.ubuntu.com/3742-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8271
BugTraq ID: 105247
http://www.securityfocus.com/bid/105247
http://www.securitytracker.com/id/1041635
Common Vulnerability Exposure (CVE) ID: CVE-2018-8315
BugTraq ID: 105251
http://www.securityfocus.com/bid/105251
http://www.securitytracker.com/id/1041623
Common Vulnerability Exposure (CVE) ID: CVE-2018-8332
BugTraq ID: 105248
http://www.securityfocus.com/bid/105248
http://www.securitytracker.com/id/1041628
Common Vulnerability Exposure (CVE) ID: CVE-2018-8335
BugTraq ID: 105224
http://www.securityfocus.com/bid/105224
http://www.securitytracker.com/id/1041634
Common Vulnerability Exposure (CVE) ID: CVE-2018-8392
BugTraq ID: 105213
http://www.securityfocus.com/bid/105213
http://www.securitytracker.com/id/1041625
Common Vulnerability Exposure (CVE) ID: CVE-2018-8393
BugTraq ID: 105214
http://www.securityfocus.com/bid/105214
Common Vulnerability Exposure (CVE) ID: CVE-2018-8410
BugTraq ID: 105256
http://www.securityfocus.com/bid/105256
https://www.exploit-db.com/exploits/45436/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8419
BugTraq ID: 105238
http://www.securityfocus.com/bid/105238
Common Vulnerability Exposure (CVE) ID: CVE-2018-8420
BugTraq ID: 105259
http://www.securityfocus.com/bid/105259
http://www.securitytracker.com/id/1041627
Common Vulnerability Exposure (CVE) ID: CVE-2018-8424
BugTraq ID: 105261
http://www.securityfocus.com/bid/105261
Common Vulnerability Exposure (CVE) ID: CVE-2018-8433
BugTraq ID: 105264
http://www.securityfocus.com/bid/105264
Common Vulnerability Exposure (CVE) ID: CVE-2018-8434
BugTraq ID: 105239
http://www.securityfocus.com/bid/105239
http://www.securitytracker.com/id/1041624
Common Vulnerability Exposure (CVE) ID: CVE-2018-8438
BugTraq ID: 105249
http://www.securityfocus.com/bid/105249
Common Vulnerability Exposure (CVE) ID: CVE-2018-8439
BugTraq ID: 105233
http://www.securityfocus.com/bid/105233
Common Vulnerability Exposure (CVE) ID: CVE-2018-8440
BugTraq ID: 105153
http://www.securityfocus.com/bid/105153
https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html
http://www.securitytracker.com/id/1041578
Common Vulnerability Exposure (CVE) ID: CVE-2018-8442
BugTraq ID: 105234
http://www.securityfocus.com/bid/105234
Common Vulnerability Exposure (CVE) ID: CVE-2018-8443
BugTraq ID: 105228
http://www.securityfocus.com/bid/105228
Common Vulnerability Exposure (CVE) ID: CVE-2018-8444
BugTraq ID: 105226
http://www.securityfocus.com/bid/105226
Common Vulnerability Exposure (CVE) ID: CVE-2018-8446
BugTraq ID: 105217
http://www.securityfocus.com/bid/105217
Common Vulnerability Exposure (CVE) ID: CVE-2018-8447
BugTraq ID: 105257
http://www.securityfocus.com/bid/105257
http://www.securitytracker.com/id/1041632
Common Vulnerability Exposure (CVE) ID: CVE-2018-8452
BugTraq ID: 105252
http://www.securityfocus.com/bid/105252
Common Vulnerability Exposure (CVE) ID: CVE-2018-8455
BugTraq ID: 105211
http://www.securityfocus.com/bid/105211
Common Vulnerability Exposure (CVE) ID: CVE-2018-8457
BugTraq ID: 105207
http://www.securityfocus.com/bid/105207
Common Vulnerability Exposure (CVE) ID: CVE-2018-8468
BugTraq ID: 105275
http://www.securityfocus.com/bid/105275
https://www.exploit-db.com/exploits/45502/
Common Vulnerability Exposure (CVE) ID: CVE-2018-8470
BugTraq ID: 105267
http://www.securityfocus.com/bid/105267
Common Vulnerability Exposure (CVE) ID: CVE-2018-8475
BugTraq ID: 105277
http://www.securityfocus.com/bid/105277
http://www.securitytracker.com/id/1041626
CopyrightCopyright (C) 2018 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.