Home > Cyber News > Recently Patched CVE-2018-8373 Used in Active Exploits
CYBER NEWS

Recently Patched CVE-2018-8373 Used in Active Exploits

by   |  Last Update:  |  0 Comments  

MIcrosoft Office CVE-2017-0199 Exploit

CVE-2018-8373 is a severe remote code execution vulnerability which was fixed in August 2018 Patch Tuesday. The vulnerability was located in Internet Explorer and the way it manages objects in memory. At the time the advisory was published, there were no reports of active infections.




However, further analysis revealed that the problem appeared to be similar to another issue that was addressed in the May Patch Tuesday updates. The vulnerability was also included in the infection strategy of multiple Trojans.

Over a month later, security researchers at Trend Micro came across another exploit that uses the CVE-2018-8373 vulnerability:

On September 18, 2018, more than a month after we published a blog revealing the details of a use-after-free (UAF) vulnerability CVE-2018-8373 that affects the VBScript engine in newer Windows versions, we spotted another exploit, possibly in the wild, that uses the same vulnerability, the researchers recently wrote.

It should be noted that this new exploit is not working on systems that have updated Internet Explorer versions.

What’s Different in the New CVE-2018-8373 Exploit?

Instead of modifying the CONTEXT structure of NtContinue to execute shellcode, the researchers explained, such as in the case of the previous exploit sample, this new sample obtains execution permission from Shell.Application by modifying the SafeMode flag in the VBScript Engine. In addition, the execution of this exploit resembles the executions of CVE-2014-6332 and CVE-2016-0189 exploits.

The researchers also discovered that the attackers behind the new exploit also use another VBScript vulnerability known as CVE-2018-8174, in a file hosted on a malicious website.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  2. CVE-2018-8414, CVE-2018-8373 Fixed in August 2018 Patch Tuesday Microsoft has released their latest wave of updates in the...
  3. Fallout EK Spreads GandCrab, Leverages CVE-2018-4878, CVE-2018-8174 New security reports have landed indicating that the infamous GandCrab...
  4. A Recently Patched Adobe Flash Flaw Integrated in Fiesta Exploit Kit A Flash Player security vulnerability that has been patched by...
  5. Cisco Bugs CVE-2018-0151, CVE-2018-171, CVE-2018-015. Patch Now! Three critical vulnerabilities have found in Cisco products. More specifically,...
  6. CVE-2018-8611 Used in Malware Attacks Shortly After Microsoft Patched It CVE-2018-8611 is one the vulnerabilities addressed in December 2018’s Patch...
  7. Google, Microsoft Bugs Top the 20 Most Prevalent Enterprise Vulnerabilities Cybersecurity firm Tenable just released their Vulnerability Intelligence Report which...
  8. July 2018 Patch Tuesday Fixes CVE-2018-8281, Microsoft Office Bugs Another set of patches has been rolled by Microsoft in...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree