New Search

Microsoft JET Database Engine Remote Code Execution Vulnerability - CVE-2018-8423

oval:org.cisecurity:def:5945

A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability a user must open/import a specially crafted Microsoft JET Database Engine file. In an email attack scenario an attacker could exploit the vulnerability by sending a specially crafted file to the user and then convince the user to open the file. The security update addresses the vulnerability by modifying how the Microsoft JET Database Engine handles objects in memory.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 10
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2016
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012
Class:
vulnerability
Reference(s):
  • CVE-2018-8423
  • MSRC-CVE-2018-8423
  • KB4462915
  • KB4463104
  • KB4462931
  • KB4462941
  • KB4462922
  • KB4462917
  • KB4462937
  • KB4462918
  • KB4462919
  • KB4464330
Product(s):