Microsoft WordPad Lets Remote Users Bypass Content Blocking Restrictions on the Target System
|
SecurityTracker Alert ID: 1041272 |
SecurityTracker URL: http://securitytracker.com/id/1041272
|
CVE Reference:
CVE-2018-8307
(Links to External Site)
|
Date: Jul 10 2018
|
Impact:
Modification of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 7 SP1, 2008 R2 SP1, 2008 SP2, 8.1, RT 8.1, 2012, 2012 R2, 2016, 10, 10 Version 1607, 10 Version 1703, 10 Version 1709, 10 Version 1803
|
Description:
A vulnerability was reported in Microsoft WordPad. A remote user can bypass security controls on the target system.
A remote user can create a specially crafted file that, when opened by the target user via WordPad, will trigger an error in handling embedded OLE objects and bypass content blocking controls on the target system.
Eduardo Braun Prado (via Trend Micro's Zero Day Initiative) reported this vulnerability.
|
Impact:
A remote user can bypass content blocking security controls on the target system.
|
Solution:
The vendor has issued a fix.
The Microsoft advisory is available at:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8307
|
Vendor URL: portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8307 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS: Windows (2008), Windows (2012), Windows (2016), Windows (7), Windows (8), Windows (10)
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|