The recent zero-day vulnerability in Windows VBScript Engine (CVE-2018-8174), enables attackers to perform a remote code execution on targeted machines. Microsoft has released a security advisory CVE-2018-8174 on May 8, 2018, to address this issue. According to Microsoft, it impacts most of the Windows Operating Systems.
About the vulnerability
This is a use-after-free vulnerability in VBScript Engine which allows attackers to perform a remote code execution on targeted machines. After successful exploitation, attackers can take control of the vulnerable systems and download and execute malware on them.
The vulnerability is currently being exploited in the wild through a malicious Office document which is a Microsoft Office/WordPad exploit (CVE-2017-0199). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Quick Heal detection
Quick Heal’s generic detection ‘Exp.RTF.CVE-2017-0199.AO’ for Microsoft Office/WordPad exploit (CVE-2017-0199), released on December 12, 2017, detects the initial attack vector observed in the wild.
Quick Heal has released the following detection for the vulnerability CVE-2018-8174:
Quick Heal Security Labs is actively looking for new in-wild exploits for this vulnerability and ensuring coverage for them.