Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8251: Media Foundation Memory Corruption Vulnerability

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Microsoft CVE-2018-8251: Media Foundation Memory Corruption Vulnerability

Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
06/12/2018
Created
07/25/2018
Added
06/12/2018
Modified
11/18/2021

Description

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.

Solution(s)

  • msft-kb4284819-09802fac-5d82-4589-9da1-a1b16f7516c6
  • msft-kb4284819-12056057-df80-4f20-a9f8-c8b9bd18ccd6
  • msft-kb4284819-af7712ab-eaad-4b7d-8b8e-2a060c2bfe53
  • msft-kb4284835-3c78a800-e801-4176-a748-b741cf1f302a
  • msft-kb4284835-f0914666-2046-4a90-8eeb-2a49b3a2d663
  • msft-kb4284835-f74f5aaf-95df-4818-8df0-2986a9d1a34e
  • msft-kb4284846-7224573a-6e40-488e-9fc4-b9fe63ac4f30
  • msft-kb4284846-83ee3488-e32d-4212-9b14-8bafd9f37918
  • msft-kb4284846-db5ae8fc-d920-4d70-9f2e-1a912e7ac85f
  • msft-kb4284860-1a3a39c1-fdd4-4e6f-b16b-9593c41df042
  • msft-kb4284860-1b92ed90-ad9d-40f4-8c2c-decd1abd27ea
  • msft-kb4284867-44e75293-87aa-4492-bc0c-1c7a8cabd0f1
  • msft-kb4284867-886f5701-c858-4b84-9222-1de1455020c6
  • msft-kb4284867-a31ec407-3bf3-4abb-9d95-a20580c3ada2
  • msft-kb4284867-ba4e3571-fa24-464e-85dc-3a90994d972d
  • msft-kb4284867-c34dd24f-8ba7-48de-891a-72e59d5b49c2
  • msft-kb4284867-e3aeb85f-2c58-4883-97ca-e342d7ab1c0c
  • msft-kb4284874-689410ed-3cb3-4b76-84b1-5b940e14ab6a
  • msft-kb4284874-fd45c4c5-93e4-4467-a41d-4876854a0a7c
  • msft-kb4284878-0a54ebd2-54fe-40f5-9639-b72023b7a808
  • msft-kb4284878-45636cfd-ab6b-4db5-a310-712f3663eae6
  • msft-kb4284878-4a69b135-0fe8-45c6-9994-61ebbe2e788c
  • msft-kb4284880-073aa939-731e-464c-b64e-f6241c4d9a86
  • msft-kb4284880-29a03d50-43ed-42e6-8012-2a9f083f4f81
  • msft-kb4284880-3105f320-7d78-4034-a86c-03b4f9352480
  • msft-kb4284880-828da5bc-120f-4a10-9fe3-c20aaafbbaff
  • msft-kb4284880-b0b5ce3d-8502-4c09-a621-8486d91d775e
  • msft-kb4284880-fa8b8608-4925-4c9b-871f-a3e5d0b082fa

References

View more

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;