Zero-day vulnerability in Microsoft Internet Explorer

Use-after-free
CVE-2018-8373

The vulnerability was spotted in the wild by a Trend Micro researcher on July 11, 2018. The exploit sample detected by the researchers used the same obfuscation technique as exploits for CVE-2018-8174, which Qihoo 360 spotted in the wild in April 2018.

Known malware:

HTML_EXPLOIT.YYRV

Vulnerability details

Advisory: SB2018081413 - Remote code execution in Microsoft Internet Explorer

Vulnerable component: Microsoft Internet Explorer

CVE-ID: CVE-2018-8373

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-416 - Use After Free

Description:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error in VBScript when the scripting engine handles objects in memory in Internet Explorer. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: The vulnerability has been exploited in the wild.

Latest references in media:

- Backdoors Up 44%, Ransomware Up 43% from 2017 [2018-12-05 00:10:06]

- Internet Explorer scripting engine becomes North Korean APT's favorite target in 2018 | ZDNet [2018-11-12 20:50:08]

- The August 2018 Security Update Review [2018-10-13 17:41:13]

- New CVE-2018-8373 Exploit Spotted [2018-09-26 16:10:16]

- Patch Tuesday, August 2018 [2018-09-26 07:12:05]

- New CVE-2018-8373 Exploit Spotted in the Wild [2018-09-25 14:40:18]

- ShadowTalk Update – 08.27.2018 [2018-08-27 17:11:37]

- Security Affairs newsletter Round 177 – News of the week [2018-08-26 14:40:09]

- Microsoft Patch Alert: Mainstream August patches look remarkably good, but watch out for the bad boys [2018-08-23 23:10:07]

- North Korean Hackers Exploit Recently Patched Zero-Day [2018-08-20 21:00:10]

- Vulnerability in Microsoft’s VBScript Engine Taken Advantage by Darkhotel [2018-08-20 12:31:05]

- Windows VBScript Engine Zero-day Flaw used by Darkhotel Hackers [2018-08-20 04:00:46]

- North Korea-linked Dark Hotel APT leverages CVE-2018-8373 exploit [2018-08-19 18:00:08]

- Zero-Day In Microsoft's VBScript Engine Used By Darkhotel APT [2018-08-18 17:10:17]

- Zero-Day In Microsoft’s VBScript Engine Used By Darkhotel APT [2018-08-18 16:30:17]

- Weekly podcast: Intel Foreshadow attack, Cosmos cash-out scheme, TLS 1.3 and Patch Tuesday [2018-08-17 11:01:23]

- Microsoft Patch Tuesday Addresses 60 Vulnerabilities Including 2 Zero-Day Vulnerabilities [2018-08-16 10:00:53]

- August 2018 – Microsoft Patch Tuesday [2018-08-15 20:30:11]

- Microsoft patches zero-day exploit against Internet Explorer [2018-08-15 19:50:58]

- Patch Tuesday fallout: Bad docs, but so far no major problems [2018-08-15 18:10:12]

- Patch Tuesday, August 2018 Edition [2018-08-15 17:11:15]

- Patch Tuesday, August 2018 Edition [2018-08-15 17:10:17]

- Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode [2018-08-15 14:40:15]

- Microsoft Fixes 60 Flaws Including Two Zero-Days [2018-08-15 12:10:05]

- August 2018 Patch Tuesday: Microsoft fixes two actively exploited zero-days [2018-08-15 11:01:19]

- August 2018 Patch Tuesday: Microsoft fixes two actively exploited zero-days [2018-08-15 10:50:09]

- August 2018 Microsoft Patch Tuesday fixes two flaws exploited in attacks in the wild [2018-08-15 10:50:08]

- Microsoft Patches Zero-Day Flaws in Windows, Internet Explorer [2018-08-15 07:50:10]

- August Patch Tuesday: A Tale of Two Zero-Days [2018-08-15 07:40:15]

- Patch Tuesday, August 2018 [2018-08-15 03:40:53]

- Patch Tuesday, August 2018 [2018-08-15 02:12:12]

- Patch Tuesday heats up with pair of zero-days, plus 58 other fixes [2018-08-15 01:10:01]

- Microsoft August 2018 Patch Tuesday Fixes 60 Security Flaws, Including Two Zero-Days [2018-08-14 22:10:24]

- Microsoft releases latest August 2018 Patch Tuesday updates for 60 vulnerabilities, of which 19 are rated as critical. [2018-08-14 20:40:06]
