Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-0868: Windows Installer Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2018-0868: Windows Installer Elevation of Privilege Vulnerability

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

03/13/2018

Created

07/25/2018

Added

03/13/2018

Modified

11/18/2021

Description

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.

Solution(s)

msft-kb4087398-1edff330-aa4b-46c9-b5b6-da0423f3e172
msft-kb4087398-6ab45774-afcc-4272-bec4-cd3d1db63f0a
msft-kb4087398-806ae972-d4b1-42e0-86a8-57f32c1271dd
msft-kb4087398-97fe034a-0523-4192-88b1-5209a1a53416
msft-kb4088776-2c72e703-9c4c-4146-9e32-cc4386b2cfb2
msft-kb4088776-3b3e0295-642a-4b7d-84b7-c6b5e83f5ca2
msft-kb4088776-786afab9-c31a-475e-8a16-67957d2e609d
msft-kb4088779-48dd1136-48ee-44c7-a573-868521eccff4
msft-kb4088779-c19a8868-ac70-44b1-9b6f-2d4dc02cf9ba
msft-kb4088782-4c26f4d6-719a-484d-b39e-e05f7b8f92b0
msft-kb4088782-f6e16c94-5afc-4df9-9970-2d4ca233b263
msft-kb4088786-beebacd8-b2b4-4dd0-94b4-9e3d6252b7f0
msft-kb4088786-d8280f8b-2c0a-4543-99a8-8e72f83c84dd
msft-kb4088787-5dc25e3e-31b9-4ac7-b1b7-a62a9821390d
msft-kb4088787-b28a900c-61a0-4362-8df4-e1ecc7caa389
msft-kb4088787-c4fe9ff8-acd4-405b-91b5-334daf81ae00
msft-kb4088878-3eccb222-8147-418c-b824-32e3963b52c1
msft-kb4088878-54e97a4a-39f4-4bb4-bec4-c20626c69b4f
msft-kb4088878-89e27e55-1e9f-401f-b425-a336c4de339b
msft-kb4088878-b6298521-2c71-4d80-a936-4488236eb2ab
msft-kb4088878-ce7acebc-806a-4eee-b8b5-49b0519d888a
msft-kb4088878-db255014-1ec8-426a-ab12-20e28bec0d24
msft-kb4088879-913c1d08-eb63-4b74-aeff-a476d1fbaa2c
msft-kb4088879-beb98ea4-03f7-4d8c-a14c-1283b674e7b5
msft-kb4088880-289ecc78-2b4d-450f-9497-0eb70a22c752
msft-kb4088880-4af681cd-8e85-46e0-810c-ef55910f3037
msft-kb4088880-885d494a-b0e4-442b-8540-30de0cf6feba

References

https://attackerkb.com/topics/cve-2018-0868
CVE - 2018-0868
4087398
4088776
4088779
4088782
4088786
4088787
4088875
4088876
4088877
4088878
4088879
4088880

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-0868: Windows Installer Elevation of Privilege Vulnerability

Microsoft CVE-2018-0868: Windows Installer Elevation of Privilege Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.