Security Updates for Microsoft Publisher Products (June 2018)

high Nessus Plugin ID 110500

Synopsis

The Microsoft Publisher Products are missing a security update.

Description

The Microsoft Publisher Products are missing a security update. It is, therefore, affected by the following vulnerability :

- An elevation of privilege vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone. (CVE-2018-8245)

Solution

Microsoft has released KB4011186 to address this issue.

See Also

http://www.nessus.org/u?21387e8c

Plugin Details

Severity: High

ID: 110500

File Name: smb_nt_ms18_jun_publisher.nasl

Version: 1.5

Type: local

Agent: windows

Published: 6/12/2018

Updated: 4/24/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-8245

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:publisher

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 6/12/2018

Vulnerability Publication Date: 6/12/2018

Reference Information

CVE: CVE-2018-8245

IAVA: 2018-A-0191-S

MSFT: MS18-4011186

MSKB: 4011186