vulnerability
Microsoft CVE-2018-8302: Microsoft Exchange Memory Corruption Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Aug 14, 2018 | Aug 14, 2018 | Oct 15, 2018 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Aug 14, 2018
Added
Aug 14, 2018
Modified
Oct 15, 2018
Description
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.
Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.
The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.
Solutions
msft-kb4340731-236458e2-4e58-43d6-8ad4-d503e8b19347msft-kb4340731-3991be38-e267-4b86-be52-eec42ec1aa4emsft-kb4340733-590fa312-9e83-46e9-a2da-9ccebf41c868
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.