Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8202: .NET Framework Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Microsoft CVE-2018-8202: .NET Framework Elevation of Privilege Vulnerability

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

07/10/2018

Created

07/25/2018

Added

07/10/2018

Modified

11/18/2021

Description

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .NET Framework activates COM objects.

Solution(s)

msft-kb4340007-60c67276-e466-4787-bfe5-b942449e1765-kb4338602
msft-kb4340007-60c67276-e466-4787-bfe5-b942449e1765-kb4338606
msft-kb4340007-60c67276-e466-4787-bfe5-b942449e1765-kb4338611
msft-kb4340007-6d676aaa-eff2-46a0-bf93-4bd5843dad4b-kb4338602
msft-kb4340007-6d676aaa-eff2-46a0-bf93-4bd5843dad4b-kb4338606
msft-kb4340007-6d676aaa-eff2-46a0-bf93-4bd5843dad4b-kb4338611
msft-kb4340007-b591d691-0009-4dae-a3da-703d00733039-kb4338611
msft-kb4343887-348e720d-750f-481e-b0e0-58bab6ce8538
msft-kb4343897-550b5b70-0dcd-43c0-b4c5-4fe259fda49c
msft-kb4343909-8025b6ac-6795-490e-9130-ee2ca585a1bf
msft-kb4345679-1b11fddd-9a22-472e-a412-ef225a5de41a-kb4344167
msft-kb4345679-1b11fddd-9a22-472e-a412-ef225a5de41a-kb4344173
msft-kb4345679-1b11fddd-9a22-472e-a412-ef225a5de41a-kb4344177
msft-kb4345679-9017e50c-8440-4320-816b-cda1493fbd6f-kb4344167
msft-kb4345679-9017e50c-8440-4320-816b-cda1493fbd6f-kb4344173
msft-kb4345679-9017e50c-8440-4320-816b-cda1493fbd6f-kb4344177
msft-kb4345679-d0e92286-c693-47df-ab23-4e7bc83bf3a6-kb4344177
msft-kb4345680-157995a0-2b42-4154-9e37-f1e0240d9a8c-kb4344165
msft-kb4345680-157995a0-2b42-4154-9e37-f1e0240d9a8c-kb4344172
msft-kb4345680-157995a0-2b42-4154-9e37-f1e0240d9a8c-kb4344175
msft-kb4345680-7b26d6f1-937c-4171-86ab-bd89e50b5a4e-kb4344165
msft-kb4345680-7b26d6f1-937c-4171-86ab-bd89e50b5a4e-kb4344172
msft-kb4345680-7b26d6f1-937c-4171-86ab-bd89e50b5a4e-kb4344175
msft-kb4345680-ccb830c9-1ca8-4873-8de9-8dc3b9bd6451-kb4344165
msft-kb4345680-ccb830c9-1ca8-4873-8de9-8dc3b9bd6451-kb4344172
msft-kb4345680-ccb830c9-1ca8-4873-8de9-8dc3b9bd6451-kb4344175
msft-kb4345681-0c4e3f40-bd63-41ae-b207-af4b1b6d6735-kb4344166
msft-kb4345681-0c4e3f40-bd63-41ae-b207-af4b1b6d6735-kb4344171
msft-kb4345681-0c4e3f40-bd63-41ae-b207-af4b1b6d6735-kb4344178
msft-kb4345681-c601cf7a-ba23-4d6d-bcdc-c61c258e7f1f-kb4344166
msft-kb4345681-c601cf7a-ba23-4d6d-bcdc-c61c258e7f1f-kb4344171
msft-kb4345681-c601cf7a-ba23-4d6d-bcdc-c61c258e7f1f-kb4344178
msft-kb4345682-734871fb-860a-481e-ac5d-87fad8e85d04-kb4344167
msft-kb4345682-734871fb-860a-481e-ac5d-87fad8e85d04-kb4344173
msft-kb4345682-734871fb-860a-481e-ac5d-87fad8e85d04-kb4344176
msft-kb4345682-d4b1b193-ceac-47aa-ab3f-40577650d824-kb4344176
msft-kb4345682-ff3688d8-960e-4600-938d-b3322b8ddb84-kb4344167
msft-kb4345682-ff3688d8-960e-4600-938d-b3322b8ddb84-kb4344173
msft-kb4345682-ff3688d8-960e-4600-938d-b3322b8ddb84-kb4344176
msft-kb4346877-c081ea05-365d-4209-ad75-ef48a621baa6

References

https://attackerkb.com/topics/cve-2018-8202
CVE - 2018-8202
4338417
4338420
4338422
4338602
4338606
4338611
4340007
4340559
4343885
4343887
4343892
4343897
4343909
4344144
4344145
4344146
4344147
4344148
4344149
4344150
4344152
4344153
4344165
4344166
4344167
4344171
4344172
4344173
4344175
4344177
4344178
4345590
4345591
4345592
4345593
4345679
4345680
4345681
4345682
4345993

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8202: .NET Framework Elevation of Privilege Vulnerability

Microsoft CVE-2018-8202: .NET Framework Elevation of Privilege Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.