CVE-2018-8174CISA KEV: Actively Exploited

Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability

Published Feb 15, 2022·Updated Feb 15, 2022

Description

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"

Public Exploits & PoCs6 found

PoC: CVE-2018-8174-msf

CVE-2018-8174 - VBScript memory corruption exploit.

170

PoC: CVE-2018-8174_EXP

CVE-2018-8174_python

135

PoC: cve-2018-8174_analysis

Analysis of VBS exploit CVE-2018-8174

20

PoC: ie11_vbscript_exploit

Exploit Generator for CVE-2018-8174 & CVE-2019-0768 (RCE via VBScript Execution in IE11)

10

PoC: CVE-2018-8174

MS Word MS WordPad via IE VBS Engine RCE

8

PoC: Rig-Exploit-for-CVE-2018-8174

Rig Exploit for CVE-2018-8174 As with its previous campaigns, Rig’s Seamless campaign uses malvertising. In this case, the malvertisements have a hidden iframe that redirects victims to Rig’s landing page, which includes an exploit for CVE-2018-8174 and shellcode. This enables remote code execution of the shellcode obfuscated in the landing page. After successful exploitation, a second-stage downloader is retrieved, which appears to be a variant of SmokeLoader due to the URL. It would then download th

1

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free