High severity8.8NVD Advisory· Published Apr 12, 2018· Updated Jun 17, 2026
CVE-2018-1004
CVE-2018-1004
Description
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.
Affected products
11(expand)+ 1 more
- (no CPE)
- (no CPE)range: Windows Server 2008 for 32-bit Systems Service Pack 2
- Range: 32-bit Systems
- Range: 32-bit systems
- Range: Windows RT 8.1
- Range: Itanium-Based Systems Service Pack 1
(Server Core installation)+ 1 more
- (no CPE)range: (Server Core installation)
- (no CPE)range: (Server Core installation)
- Range: (Server Core installation)
Patches
Vulnerability mechanics
References
3- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1004nvdPatchVendor Advisory
- www.securityfocus.com/bid/103657nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040655nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.