CVE-2018-8309 | ByteOS Network

Vulnerability Details :

CVE-2018-8309

Assigner-microsoft

Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8

Published At-11 Jul, 2018 | 00:00

Updated At-05 Aug, 2024 | 06:54

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:microsoft

Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8

Published At:11 Jul, 2018 | 00:00

Updated At:05 Aug, 2024 | 06:54

▼CVE Numbering Authority (CNA)

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Affected Products

Vendor

Microsoft Corporation

Product

Versions

Affected

32-bit Systems Service Pack 1
x64-based Systems Service Pack 1

Vendor

Microsoft Corporation

Product

Windows Server 2012 R2

Versions

Affected

(Server Core installation)

Vendor

Microsoft Corporation

Product

Versions

Affected

Windows RT 8.1

Vendor

Microsoft Corporation

Product

Windows Server 2008

Versions

Affected

32-bit Systems Service Pack 2
32-bit Systems Service Pack 2 (Server Core installation)
Itanium-Based Systems Service Pack 2
x64-based Systems Service Pack 2
x64-based Systems Service Pack 2 (Server Core installation)

Vendor

Microsoft Corporation

Product

Windows Server 2012

Versions

Affected

(Server Core installation)

Vendor

Microsoft Corporation

Product

Versions

Affected

32-bit systems
x64-based systems

Vendor

Microsoft Corporation

Product

Windows Server 2016

Versions

Affected

(Server Core installation)

Vendor

Microsoft Corporation

Product

Windows Server 2008 R2

Versions

Affected

Itanium-Based Systems Service Pack 1
x64-based Systems Service Pack 1
x64-based Systems Service Pack 1 (Server Core installation)

Vendor

Microsoft Corporation

Product

Versions

Affected

32-bit Systems
Version 1607 for 32-bit Systems
Version 1607 for x64-based Systems
Version 1703 for 32-bit Systems
Version 1703 for x64-based Systems
Version 1709 for 32-bit Systems
Version 1709 for x64-based Systems
Version 1803 for 32-bit Systems
Version 1803 for x64-based Systems
x64-based Systems

Vendor

Microsoft Corporation

Product

Windows 10 Servers

Versions

Affected

version 1709 (Server Core Installation)
version 1803 (Server Core Installation)

Problem Types

Type	CWE ID	Description
text	N/A	Denial of Service

Type: text

CWE ID: N/A

Description: Denial of Service

References

Hyperlink	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309	x_refsource_CONFIRM
http://www.securityfocus.com/bid/104648	vdb-entry x_refsource_BID
http://www.securitytracker.com/id/1041262	vdb-entry x_refsource_SECTRACK

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/104648

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.securitytracker.com/id/1041262

Resource:

vdb-entry

x_refsource_SECTRACK

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/104648	vdb-entry x_refsource_BID x_transferred
http://www.securitytracker.com/id/1041262	vdb-entry x_refsource_SECTRACK x_transferred

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/104648

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.securitytracker.com/id/1041262

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

▼National Vulnerability Database (NVD)

Source:secure@microsoft.com

Published At:11 Jul, 2018 | 00:29

Updated At:24 Aug, 2020 | 17:37

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C

Type: Primary

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.9

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

Microsoft Corporation

>>windows_10>>-

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1607

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1703

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1709

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1803

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>-

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_rt_8.1>>-

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:itanium:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*

Microsoft Corporation

>>windows_server_2012>>-

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>r2

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>-

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>1709

cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>1803

cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/104648	secure@microsoft.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041262	secure@microsoft.com	Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309	secure@microsoft.com	Patch Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/104648

Source: secure@microsoft.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.securitytracker.com/id/1041262

Source: secure@microsoft.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309

Source: secure@microsoft.com

Resource:

Patch

Vendor Advisory