CVE-2018-8544

HIGH

Windows VBScript Engine - RCE

Title source: llm

Description

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldoswindows

https://www.exploit-db.com/exploits/45923

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105787

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1042118

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8544

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45923/

Scores

CVSS v3 8.8

EPSS 0.7286

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (17)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

... and 7 more

Published Nov 14, 2018

Tracked Since Feb 18, 2026