1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Windows VBScript Engine RCE CVE-2018-8544

Web Attack: Windows VBScript Engine RCE CVE-2018-8544

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to execute arbitrary code in the context of the current user. Failed exploit attempts will likely cause a denial-of-service condition.

Additional Information

Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly handle objects in memory. Specifically, this issue affects the 'VBScript Engine'. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file or visit a malicious web page to gain complete control of the affected system.

An attacker can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts may result in a denial of service condition.

Affected

  • Various Windows Operating systems such as Windows 7,8,10 and Windows Server

Response

Updates are available. Please see the references or vendor advisory for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube