Report Name: Qualys TOP 20 2023 report
Generated: 2023-09-07 13:20:16

Vulristics Vulnerability Scores
Basic Vulnerability Scores
Products

Product Name | Prevalence | U | C | H | M | L | A | Comment
Windows SMB | 1 | 3 | | | | | 3 | Windows component
Apache Log4j2 | 0.9 | 1 | | | | | 1 | Log4j2 is a revamped version of the Apache Logging framework
GNU Bash | 0.9 | 1 | | | | | 1 | Bash is the shell, or command language interpreter, for the GNU operating system
Microsoft Exchange | 0.8 | 4 | | | | | 4 | Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
Microsoft Office | 0.8 | 4 | 1 | | | | 5 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
Netlogon Remote Protocol | 0.8 | 1 | | | | | 1 | The Netlogon Remote Protocol is a remote procedure call (RPC) interface that is used for user and machine authentication on domain-based networks
Windows VBScript Engine | 0.8 | 1 | | | | | 1 | Windows component
Citrix Application Delivery Controller | 0.7 | 1 | | | | | 1 | Citrix Application Delivery Controller (ADC) is an advanced load balancer with features that enhance the performance of applications
Confluence Server | 0.7 | 1 | | | | | 1 | Confluence is a web-based corporate wiki
Pulse Connect Secure | 0.7 | 1 | | | | | 1 | Pulse Connect Secure provides a seamless, cost-effective SSL VPN solution for remote and mobile users from any web-enabled device to corporate resources
Oracle Java SE | 0.6 | 1 | 1 | | | | 2 | Oracle Java SE
FortiOS | 0.5 | 1 | | | | | 1 | FortiOS is Fortinet's operating system used in their hardware, such as the FortiGate firewall and switches
Microsoft Silverlight | 0.5 | 1 | | | | | 1 | Microsoft Silverlight
Oracle WebLogic Server | 0.4 | 1 | | | | | 1 | Unified and extensible platform for developing, deploying and running enterprise applications


Vulnerability Types

Vulnerability Type | Criticality | U | C | H | M | L | A
Remote Code Execution | 1.0 | 14 | 1 | | | | 15
Arbitrary File Reading | 0.95 | 1 | | | | | 1
Authentication Bypass | 0.95 | 1 | | | | | 1
Security Feature Bypass | 0.9 | 1 | | | | | 1
Denial of Service | 0.7 | 1 | | | | | 1
Elevation of Privilege | 0.5 | 2 | | | | | 2
Path Traversal | 0.4 | 2 | | | | | 2
Unknown Vulnerability Type | 0 | | 1 | | | | 1


Comments

Source | U | C | H | M | L | A
Comment | 22 | 2 | | | | 24


Vulnerabilities

Urgent (22)

1. Remote Code Execution - Apache Log4j2 (CVE-2021-44228) - Urgent [983]

Description: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (CISA object, CISA object, CISA object), AttackerKB, Microsoft websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Log4Shell HTTP Header Injection, [packetstorm] Intel Data Center Manager 5.1 Local Privilege Escalation, [packetstorm] MobileIron Log4Shell Remote Command Execution)
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.9 | 14 | Log4j2 is a revamped version of the Apache Logging framework
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97566, EPSS Percentile is 0.99997

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 10. CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability
Vulnerability Trending Over Years: 2021, 2022, 2023 (77 times)
It was exploited by 10 Malware, 26 Threat Actors, and 5 Ransomware and was trending in the wild as recently as September 4, 2023.
Qualys Vulnerability Detection (QID): 376157, 730297
Included in the “Top 12 Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
CVE-2021-44228, or “Log4Shell,” is a severe vulnerability in Apache’s log4j Java library. The flaw exploits the ‘lookups’ feature of log4j, enabling an attacker to use a specially crafted input to trigger the execution of a remote Java class on an LDAP server, leading to Remote Code Execution. This issue is highly dangerous if the user input containing specific characters is logged by log4j. It can trigger Java method lookup, resulting in the execution of a user-defined remote Java class on an LDAP server, leading to Remote Code Execution (RCE) on the server running the vulnerable log4j instance.

2. Remote Code Execution - GNU Bash (CVE-2014-6271) - Urgent [983]

Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Gnu Bash 4.3 CGI Scan Remote Command Injection, [packetstorm] Gnu Bash 4.3 CGI REFERER Command Injection, [packetstorm] RSSMON / BEAM (Red Star OS 3.0) Shellshock, [packetstorm] Advantech Switch Bash Environment Variable Code Injection, [packetstorm] TrendMicro InterScan Web Security Virtual Appliance Shellshock, [packetstorm] Shellshock Bashed CGI RCE, [packetstorm] FutureNet NXR-G240 Series ShellShock Command Injection, [packetstorm] Pure-FTPd External Authentication Bash Environment Variable Code Injection, [packetstorm] Cisco Unified Communications Manager Command Execution, [packetstorm] Qmail SMTP Bash Environment Variable Injection (Shellshock), [packetstorm] Dhclient Bash Environment Variable Injection, [packetstorm] Apache mod_cgi Remote Command Execution, [packetstorm] Postfix SMTP Shellshock, [packetstorm] bashedCgi Remote Command Execution, [packetstorm] Mac OS X VMWare Fusion Root Privilege Escalation, [packetstorm] Bash Environment Variable Command Execution, [packetstorm] DHCP Client Bash Environment Variable Code Injection, [packetstorm] GNU Bash 4.3 Command Injection, [packetstorm] IPFire Bash Environment Variable Injection (Shellshock), [packetstorm] Staubli Jacquard Industrial System JC6 Shellshock, [packetstorm] QNAP Web Server Remote Code Execution, [packetstorm] Apache mod_cgi Bash Environment Variable Code Injection, [exploitpack] IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection, [exploitpack] Cisco Unified Communications Manager - Multiple Vulnerabilities, [exploitpack] GNU Bash - Environment Variable Command Injection (Metasploit), [exploitpack] OpenVPN 2.2.29 - Shellshock Remote Command Injection, [exploitpack] PHP 5.6.2 - Shellshock Safe Mode Disable Functions Bypass Command Injection, [exploitpack] TrendMicro InterScan Web Security Virtual Appliance - Shellshock Remote Command Injection, [exploitpack] PHP 5.6.2 - Shellshock Safe Mode disable_functions Bypass Command Injection, [exploitpack] RedStar 3.0 Server - Shellshock BEAM RSSMON Command Injection, [saint] Bash Environment Variable Handling Shell Command Injection Via CUPS, [saint] Bash Environment Variable Handling Shell Command Injection Via CUPS, [saint] ShellShock DHCP Server, [saint] ShellShock DHCP Server, [saint] Bash environment variable code injection over HTTP, [saint] Bash Environment Variable Handling Shell Command Injection Via CUPS, [saint] ShellShock DHCP Server, [saint] Bash environment variable code injection over HTTP, [saint] Bash Environment Variable Handling Shell Command Injection Via CUPS, [saint] Bash environment variable code injection over HTTP, [saint] ShellShock DHCP Server, [zdt] FutureNet NXR-G240 Series ShellShock Command Injection Exploit, [zdt] Advantech Switch Bash Environment Variable Code Injection Exploit, [zdt] IPFire - Bash Environment Variable Injection (Shellshock), [zdt] RedStar 3.0 Server - BEAM & RSSMON Command Execution (Shellshock) Exploit, [zdt] Apache mod_cgi Bash Environment Variable Code Injection Exploit, [zdt] Bash Environment Variables Code Injection Exploit, [zdt] Pure-FTPd External Authentication Bash Environment Variable Code Injection Exploit, [zdt] PHP 5.x - Bypass Disable Functions Vulnerability, [zdt] Dhclient Bash Environment Variable Injection Exploit, [zdt] DHCP Client Bash Environment Variable Code Injection Exploit, [zdt] Cisco 11.0.1 Unified Communications Manager Command Execution Vulnerability, [zdt] QNAP Web Server Remote Code Execution via Bash Environment Variable Code Injection Exploit, [zdt] GNU bash Environment Variable Command Injection Exploit (MSF), [zdt] Mac OS X VMWare Fusion Root Privilege Escalation Exploit, [zdt] TrendMicro InterScan Web Security Virtual Appliance - Remote Code Execution (Shellshock), [exploitdb] Qmail SMTP 1.03 - Bash Environment Variable Injection, [metasploit] IPFire Bash Environment Variable Injection (Shellshock), [metasploit] Advantech Switch Bash Environment Variable Code Injection (Shellshock), [seebug] IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection exploit, [seebug] GNU bash Environment Variable Command Injection (MSF), [seebug] OpenVPN 2.2.29 - ShellShock Exploit)
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.9 | 14 | Bash is the shell, or command language interpreter, for the GNU operating system
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97566, EPSS Percentile is 0.99997

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 11. CVE-2014-6271: Shellshock – Linux Bash Vulnerability
Vulnerability Trending Over Years: 2014, 2016, 2017, 2020, 2021, 2022, 2023 (70 times)
It was exploited by 18 Malware, 1 Threat Actor, and was trending in the wild as recently as September 2, 2023.
Qualys Vulnerability Detection (QID): 122693, 13038, 150134
Shellshock (CVE-2014-6271) is a critical vulnerability affecting the Unix Bash shell in many Linux, Unix, and Mac OS systems. It allows remote code execution by misusing Bash’s processing of environment variables, enabling attackers to append and execute malicious commands. It has a high severity score since it can impact multiple devices and applications, risking unauthorized data access or service disruption.

3. Remote Code Execution - Windows SMB (CVE-2017-0143) - Urgent [976]

Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010) Exploit, [zdt] DOUBLEPULSAR - Payload Execution and Neutralization Exploit, [zdt] SMB DOUBLEPULSAR Remote Code Execution Exploit, [zdt] Microsoft Windows MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit, [zdt] Microsoft Windows - Uncredentialed SMB RCE (MS17-010) Exploit, [zdt] Microsoft Windows SMB MS17-010 EternalRomance / EternalSynergy / EternalChampion Remote Code Executi, [zdt] Microsoft Windows 8 / 2012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit, [zdt] Microsoft Windows 7 / 2008 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit, [packetstorm] Microsoft Windows MS17-010 SMB Remote Code Execution, [packetstorm] DOUBLEPULSAR Payload Execution / Neutralization, [packetstorm] MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption, [packetstorm] SMB DOUBLEPULSAR Remote Code Execution, [packetstorm] MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution, [packetstorm] Microsoft Windows 8/2012 R2 x64 EternalBlue Remote Code Execution, [packetstorm] Microsoft Windows 7/2008 R2 x64 EternalBlue Remote Code Execution, [seebug] ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012), [seebug] EternalChampion - Windows SMB Remote Code Execution Vulnerability (CVE-2017-0146), [canvas] Immunity Canvas: MS17_010, [canvas] Immunity Canvas: ETERNALBLUE, [saint] Windows SMBv1 Remote Command Execution, [saint] Windows SMBv1 Remote Command Execution, [saint] Windows SMBv1 Remote Command Execution, [saint] Windows SMB PsImpersonateClient null token vulnerability, [saint] Windows SMB PsImpersonateClient null token vulnerability, [saint] Windows SMB PsImpersonateClient null token vulnerability, [saint] Windows SMBv1 Transaction race condition, [saint] Windows SMBv1 Transaction race condition, [saint] Windows SMBv1 Transaction race condition)
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 1 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97334, EPSS Percentile is 0.99817

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: Windows SMBv1 Remote Code Execution Vulnerability (WannaCry, Petya)
Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times)
It was exploited by 12 Malware, 10 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 1, 2023.
Qualys Vulnerability Detection (QID): 91361, 91360, 91359, 91345
Commonly known as Shadow Broker or MS17-010, or “ETERNALBLUE,” “ETERNALSYNERGY” or “ETERNAL ROMANCE,” this is a remote code execution vulnerability in Microsoft’s Server Message Block 1.0 (SMBv1) protocol. The vulnerability arises from how SMBv1 handles specific requests, allowing an attacker (usually authenticated) to send a specially crafted packet to an SMBv1 server, enabling them to execute code on the target server. It was infamously exploited in the widespread WannaCry ransomware attack in 2017, leading to global data encryption and ransom demands.

4. Remote Code Execution - Windows SMB (CVE-2017-0144) - Urgent [976]

Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] DOUBLEPULSAR Payload Execution / Neutralization, [packetstorm] SMB DOUBLEPULSAR Remote Code Execution, [packetstorm] Microsoft Windows MS17-010 SMB Remote Code Execution, [packetstorm] MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption, [packetstorm] Microsoft Windows 8/2012 R2 x64 EternalBlue Remote Code Execution, [packetstorm] Microsoft Windows 7/2008 R2 x64 EternalBlue Remote Code Execution, [packetstorm] MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution, [zdt] DOUBLEPULSAR - Payload Execution and Neutralization Exploit, [zdt] SMB DOUBLEPULSAR Remote Code Execution Exploit, [zdt] Microsoft Windows - Uncredentialed SMB RCE (MS17-010) Exploit, [zdt] Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010) Exploit, [zdt] Microsoft Windows MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit, [zdt] Microsoft Windows 8 / 2012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit, [zdt] Microsoft Windows 7 / 2008 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit, [zdt] Microsoft Windows SMB MS17-010 EternalRomance / EternalSynergy / EternalChampion Remote Code Executi, [seebug] ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012), [seebug] EternalChampion - Windows SMB Remote Code Execution Vulnerability (CVE-2017-0146), [saint] Windows SMB PsImpersonateClient null token vulnerability, [saint] Windows SMB PsImpersonateClient null token vulnerability, [saint] Windows SMB PsImpersonateClient null token vulnerability, [saint] Windows SMBv1 Remote Command Execution, [saint] Windows SMBv1 Remote Command Execution, [saint] Windows SMBv1 Remote Command Execution, [saint] Windows SMBv1 Transaction race condition, [saint] Windows SMBv1 Transaction race condition, [saint] Windows SMBv1 Transaction race condition, [canvas] Immunity Canvas: MS17_010, [canvas] Immunity Canvas: ETERNALBLUE)
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 1 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97452, EPSS Percentile is 0.99924

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: Windows SMBv1 Remote Code Execution Vulnerability (WannaCry, Petya)
Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times)
It was exploited by 12 Malware, 10 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 1, 2023.
Qualys Vulnerability Detection (QID): 91361, 91360, 91359, 91345
Commonly known as Shadow Broker or MS17-010, or “ETERNALBLUE,” “ETERNALSYNERGY” or “ETERNAL ROMANCE,” this is a remote code execution vulnerability in Microsoft’s Server Message Block 1.0 (SMBv1) protocol. The vulnerability arises from how SMBv1 handles specific requests, allowing an attacker (usually authenticated) to send a specially crafted packet to an SMBv1 server, enabling them to execute code on the target server. It was infamously exploited in the widespread WannaCry ransomware attack in 2017, leading to global data encryption and ransom demands.

5. Remote Code Execution - Windows SMB (CVE-2017-0145) - Urgent [976]

Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on AttackerKB website
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] DOUBLEPULSAR Payload Execution / Neutralization, [packetstorm] Microsoft Windows MS17-010 SMB Remote Code Execution, [packetstorm] SMB DOUBLEPULSAR Remote Code Execution, [packetstorm] MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption, [packetstorm] MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution, [packetstorm] Microsoft Windows 8/2012 R2 x64 EternalBlue Remote Code Execution, [packetstorm] Microsoft Windows 7/2008 R2 x64 EternalBlue Remote Code Execution, [zdt] DOUBLEPULSAR - Payload Execution and Neutralization Exploit, [zdt] SMB DOUBLEPULSAR Remote Code Execution Exploit, [zdt] Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010) Exploit, [zdt] Microsoft Windows - Uncredentialed SMB RCE (MS17-010) Exploit, [zdt] Microsoft Windows MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit, [zdt] Microsoft Windows SMB MS17-010 EternalRomance / EternalSynergy / EternalChampion Remote Code Executi, [zdt] Microsoft Windows 8 / 2012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit, [zdt] Microsoft Windows 7 / 2008 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit, [seebug] ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012), [seebug] EternalChampion - Windows SMB Remote Code Execution Vulnerability (CVE-2017-0146), [canvas] Immunity Canvas: MS17_010, [canvas] Immunity Canvas: ETERNALBLUE, [saint] Windows SMBv1 Remote Command Execution, [saint] Windows SMBv1 Remote Command Execution, [saint] Windows SMBv1 Remote Command Execution, [saint] Windows SMB PsImpersonateClient null token vulnerability, [saint] Windows SMB PsImpersonateClient null token vulnerability, [saint] Windows SMB PsImpersonateClient null token vulnerability, [saint] Windows SMBv1 Transaction race condition, [saint] Windows SMBv1 Transaction race condition, [saint] Windows SMBv1 Transaction race condition)
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 1 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97347, EPSS Percentile is 0.99832

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: Windows SMBv1 Remote Code Execution Vulnerability (WannaCry, Petya)
Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times)
It was exploited by 12 Malware, 10 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 1, 2023.
Qualys Vulnerability Detection (QID): 91361, 91360, 91359, 91345
Commonly known as Shadow Broker or MS17-010, or “ETERNALBLUE,” “ETERNALSYNERGY” or “ETERNAL ROMANCE,” this is a remote code execution vulnerability in Microsoft’s Server Message Block 1.0 (SMBv1) protocol. The vulnerability arises from how SMBv1 handles specific requests, allowing an attacker (usually authenticated) to send a specially crafted packet to an SMBv1 server, enabling them to execute code on the target server. It was infamously exploited in the widespread WannaCry ransomware attack in 2017, leading to global data encryption and ransom demands.

6. Remote Code Execution - Microsoft Exchange (CVE-2021-26855) - Urgent [954]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB, Microsoft websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Microsoft Exchange ProxyLogon Remote Code Execution Exploit, [zdt] Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Exploit, [zdt] Microsoft Exchange 2019 - Unauthenticated Email Download Exploit, [zdt] Microsoft Exchange 2019 - Unauthenticated Email Download Exploit, [metasploit] Microsoft Exchange ProxyLogon RCE, [metasploit] Microsoft Exchange ProxyLogon Scanner, [metasploit] Microsoft Exchange ProxyLogon Collector, [packetstorm] Microsoft Exchange ProxyLogon Remote Code Execution, [packetstorm] Microsoft Exchange ProxyLogon Collector, [packetstorm] Microsoft Exchange Proxylogon SSRF Proof Of Concept, [packetstorm] Microsoft Exchange 2019 Unauthenticated Email Download, [packetstorm] Microsoft Exchange 2019 SSRF / Arbitrary File Write, [exploitdb] Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit), [exploitdb] Microsoft Exchange 2019 - Unauthenticated Email Download, [saint] Microsoft Exchange Server ProxyLogon vulnerability, [saint] Microsoft Exchange Server ProxyLogon vulnerability, [saint] Microsoft Exchange Server ProxyLogon vulnerability, [srcincite] SRC-2021-0012 : Microsoft Exchange Server ImportTransportRuleCollection ProcessE15Format Remote Code Execution Vulnerability (patch bypass), [srcincite] SRC-2021-0013 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy ruleParameters TOCTOU Remote Code Execution Vulnerability (patch bypass), [srcincite] SRC-2021-0011 : Microsoft Exchange Server ImportTransportRuleCollection ProcessE15Format Remote Code Execution Vulnerability (patch bypass))
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.1. According to Microsoft data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.9751, EPSS Percentile is 0.99969

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 17. CVE-2021-26855: Microsoft Exchange Server Authentication Bypass (RCE)
Vulnerability Trending Over Years: 2021, 2023 (46 times)
It was exploited by 19 Malware, 22 Threat Actors, and 9 Ransomware and was trending in the wild as recently as September 2, 2023.
Qualys Vulnerability Detection (QID): 50107, 50108
Included in the “Additional Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
CVE-2021-26855, a part of the ProxyLogon exploit chain, is a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server that enables attackers to bypass authentication mechanisms and impersonate users. The flaw allows arbitrary HTTP requests, granting access to users’ mailboxes and enabling information theft. It has been widely exploited by various threat actors, leading to emergency patches by Microsoft.

7. Remote Code Execution - Microsoft Exchange (CVE-2021-34473) - Urgent [954]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, CISA object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Microsoft Exchange ProxyShell Remote Code Execution, [metasploit] Microsoft Exchange ProxyShell RCE, [zdt] Microsoft Exchange ProxyShell Remote Code Execution Exploit, [seebug] Exchange ProxyOracle information disclosure vulnerability exploit chain (CVE-2021-31195, CVE-2021-31196))
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.1. According to Microsoft data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97443, EPSS Percentile is 0.99915

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 8. CVE-2021-34473, CVE-2021-34523, CVE-2021-31207: Microsoft Exchange Server RCE (ProxyShell)
Vulnerability Trending Over Years: 2021, 2022, 2023 (39 times)
It was exploited by 12 Malware, 20 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 2, 2023.
Qualys Vulnerability Detection (QID): 50114, 50111, 50112
Included in the “Top 12 Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
ProxyShell is a chain of vulnerabilities that impacts on-premises Microsoft Exchange Servers, which are widely used for email and associated services globally. These vulnerabilities exist in the Microsoft Client Access Service (CAS), typically running on port 443 in IIS, often exposed to the internet to allow users to access their email remotely. This exposure has led to widespread exploitation by threat actors deploying web shells to execute arbitrary code on compromised devices. They allow an actor to bypass authentication and execute code as a privileged user.

8. Remote Code Execution - Microsoft Office (CVE-2012-0158) - Urgent [954]

Description: The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([saint] Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability, [saint] Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability, [saint] Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability, [saint] Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability, [canvas] Immunity Canvas: MS12_027, [packetstorm] MS12-027 MSCOMCTL ActiveX Buffer Overflow, [seebug] Microsoft Office memory corruption vulnerability (CVE-2015-1641))
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97286, EPSS Percentile is 0.99785

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 3. CVE-2012-0158: Vulnerability in Windows Common Controls Could Allow RCE
Vulnerability Trending Over Years: 2013, 2020, 2021, 2023 (33 times)
It was exploited by 63 Malware, 45 Threat Actors, 2 Ransomware and was trending in the wild as recently as August 31, 2023.
Qualys Vulnerability Detection (QID): 90793
CVE-2012-0158 is a substantial remote code execution vulnerability in Windows standard controls. An attacker can exploit the flaw by constructing a specially crafted webpage. Upon viewing this webpage, the vulnerability can allow remote code execution, potentially granting the attacker the same rights as the logged-on user. If the user has administrative privileges, this could mean total control of the affected system. Disclosed in 2012, this vulnerability has been notably exploited in various cyber-attacks, enabling attackers to install programs, manipulate data, or create new accounts with full user rights.

9. Remote Code Execution - Confluence Server (CVE-2021-26084) - Urgent [950]

Description: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Atlassian Confluence WebWork OGNL Injection Exploit, [zdt] Confluence Server 7.12.4 - (OGNL injection) Remote Code Execution Exploit, [zdt] Atlassian Confluence Namespace OGNL Injection Exploit, [metasploit] Atlassian Confluence WebWork OGNL Injection, [packetstorm] Confluence Server 7.12.4 OGNL Injection Remote Code Execution, [packetstorm] Atlassian Confluence WebWork OGNL Injection, [packetstorm] Atlassian Confluence Namespace OGNL Injection, [exploitdb] Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated))
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.7 | 14 | Confluence is a web-based corporate wiki
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97457, EPSS Percentile is 0.9993

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 20. CVE-2021-26084: Atlassian Confluence Server Webwork OGNL Injection RCE Vulnerability
Vulnerability Trending Over Years: 2021, 2022, 2023 (35 times)
It was exploited by 8 Malware, 6 Threat Actors, and 8 Ransomware and was trending in the wild as recently as September 2, 2023.
Qualys Vulnerability Detection (QID): 730172, 150368, 375839
Included in the “Top 12 Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
CVE-2021-26084 is a critical vulnerability in Atlassian’s Confluence Server and Data Center, specifically within the Webwork OGNL component. This vulnerability can enable an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance, potentially compromising system integrity.

10. Remote Code Execution - Microsoft Office (CVE-2017-11882) - Urgent [942]

Description: Microsoft Office Memory Corruption Vulnerability. A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how the affected Office component handles objects in memory.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Microsoft Office - OLE Remote Code Execution, [metasploit] Microsoft Office CVE-2017-11882)
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97464, EPSS Percentile is 0.99935

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 1. CVE-2017-11882: Microsoft Office Memory Corruption Vulnerability
Vulnerability Trending Over Years: 2018, 2020, 2021, 2022, 2023 (79 times)
It was exploited by 467 Malware, 53 Threat Actors, and 14 Ransomware and was trending in the wild as recently as August 31, 2023.
Included in the “Additional Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
Qualys Vulnerability Detection (QID): 110308
Disclosed in 2017, CVE-2017-11882 is a significant memory corruption vulnerability in Microsoft Office’s Equation Editor. It could enable an attacker to execute arbitrary code under the current user’s permissions. If the user has administrative rights, the attacker could gain complete control of the system, install programs, alter data, or create new user accounts with full privileges. This vulnerability will be exploited if the user opens a specially crafted file, potentially sent via email or hosted on a compromised website. It’s been primarily exploited in various cyber-attacks and espionage campaigns.

11. Remote Code Execution - Microsoft Office (CVE-2017-8570) - Urgent [942]

Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Microsoft Office - Composite Moniker Remote Code Execution Exploit, [exploitpack] Microsoft Office - Composite Moniker Remote Code Execution, [exploitdb] Microsoft Office - 'Composite Moniker Remote Code Execution, [canvas] Immunity Canvas: OFFICE_WSDL)
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97337, EPSS Percentile is 0.9982

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 4. CVE-2017-8570: Microsoft Office Remote Code Execution Vulnerability
Vulnerability Trending Over Years: 2018, 2020, 2023 (25 times)
It was exploited by 52 Malware, 11 Threat Actors and was trending in the wild as recently as September 2, 2023.
Qualys Vulnerability Detection (QID): 110300
CVE-2017-8570 is a significant remote code execution vulnerability in Microsoft Office and WordPad. It involves the way these applications handle specially crafted files. It can be exploited by an attacker who convinces a user to open a specially designed file, potentially allowing the attacker to run arbitrary code on the victim’s machine with the same privileges as the logged-in user and serving as a downloader for other high-profile malware.

12. Remote Code Execution - Windows VBScript Engine (CVE-2018-8174) - Urgent [942]

Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB, Microsoft websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Microsoft Internet Explorer 11 Vbscript Code Execution, [zdt] Microsoft Internet Explorer 11 #InternetExplorer #IE (#Windows7 x64/x86) - vbscript Code Execution E, [srcincite] SRC-2019-0009 : Foxit Reader SDK ActiveX Launch Action New Window Command Injection Remote Code Execution Vulnerability, [srcincite] SRC-2019-0010 : Foxit Reader SDK ActiveX URI Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability)
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Windows component
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97445, EPSS Percentile is 0.99917

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 12. CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability
Vulnerability Trending Over Years: 2018, 2020, 2023 (30 times)
It was exploited by 21 Malware, 10 Threat Actors, and 7 Ransomware and was trending in the wild as recently as September 4, 2023.
Qualys Vulnerability Detection (QID): 91447
CVE-2018-8174 is a critical vulnerability in Microsoft Windows’ VBScript Engine, enabling remote code execution. Triggered by viewing a malicious website with Internet Explorer or opening a rigged Microsoft Office document, this flaw allows an attacker to manipulate memory objects and execute code. The attacker can fully control the system if the user has administrative rights.

13. Arbitrary File Reading - Pulse Connect Secure (CVE-2019-11510) - Urgent [941]

Description: In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform arbitrary file reading.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure Exploit, [exploitpack] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit), [packetstorm] Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure, [dsquare] Pulse Connect Secure File Disclosure, [exploitdb] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit))
Criticality of Vulnerability Type | 0.95 | 15 | Arbitrary File Reading
Vulnerable Product is Common | 0.7 | 14 | Pulse Connect Secure provides a seamless, cost-effective, SSL VPN solution for remote and mobile users from any web-enabled device to corporate resources
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97226, EPSS Percentile is 0.99748

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 9. CVE-2019-11510: Pulse Secure Pulse Connect Secure SSL VPN Unauthenticated Path
Vulnerability Trending Over Years: 2019, 2020, 2023 (53 times)
It was exploited by 13 Malware, 18 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 4, 2023.
Qualys Vulnerability Detection (QID): 38771
Included in the “Additional Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
CVE-2019-11510 is a critical vulnerability found in Pulse Connect Secure, a widely used VPN solution by Pulse Secure. The flaw enables an unauthenticated, remote attacker to exploit a specific endpoint and read arbitrary files on the system, including sensitive information such as private keys and user credentials. Due to its severity, it can provide an attacker with similar access to the corporate network as a legitimate user.

14. Remote Code Execution - Microsoft Office (CVE-2017-0199) - Urgent [930]

Description: Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([saint] Microsoft Word and WordPad RTF HTA handler command execution, [saint] Microsoft Word and WordPad RTF HTA handler command execution, [saint] Microsoft Word and WordPad RTF HTA handler command execution, [metasploit] Microsoft Office Word Malicious Hta Execution, [packetstorm] Microsoft RTF Remote Code Execution, [packetstorm] Microsoft Office Word Malicious Hta Execution, [packetstorm] Microsoft Word MTA Handler Remote Code Execution, [zdt] Microsoft Office / WordPad Remote Code Execution Vulnerability, [zdt] Microsoft Word - .RTF Remote Code Execution Exploit, [zdt] Microsoft Excel - OLE Arbitrary Code Execution Exploit, [zdt] Microsoft Office Word Malicious Hta Execution Exploit, [exploitpack] Microsoft Word - .RTF Remote Code Execution, [exploitpack] Microsoft Office - Composite Moniker Remote Code Execution, [seebug] Microsoft Office OLE2Link vulnerability (CVE-2017-0199), [seebug] FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY, [exploitdb] Microsoft Office Word - '.RTF' Malicious HTA Execution (Metasploit), [exploitdb] Microsoft Word - '.RTF' Remote Code Execution, [exploitdb] Microsoft Office - 'Composite Moniker Remote Code Execution, [canvas] Immunity Canvas: OFFICE_WSDL)
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97445, EPSS Percentile is 0.99916

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 2. CVE-2017-0199: Microsoft Wordpad Remote Code Execution Vulnerability
Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (59 times)
It was exploited by 93 Malware, 53 Threat Actors, and 5 Ransomware and was trending in the wild as recently as September 4, 2023.
Qualys Vulnerability Detection (QID): 110297
Included in the “Additional Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
CVE-2017-0199 is a notable remote code execution vulnerability that affects specific Microsoft Office and WordPad versions precisely when they parse specially crafted files. This vulnerability is the most favored vulnerability by malware, threat actors, and ransomware. If successfully exploited, an attacker could execute arbitrary code in the current user’s security context, potentially taking control of the system. Exploitation involves a user opening or previewing a maliciously crafted file, often sent via email. Microsoft has addressed this vulnerability by correcting how Office and WordPad parse these files and by enabling certain API functionality in Windows for further resolution.

15. Security Feature Bypass - Microsoft Exchange (CVE-2021-31207) - Urgent [913]

Description: Microsoft Exchange Server Security Feature Bypass Vulnerability

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (CISA object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Microsoft Exchange ProxyShell Remote Code Execution, [metasploit] Microsoft Exchange ProxyShell RCE)
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
CVSS Base Score | 0.7 | 10 | CVSS Base Score is 6.6. According to Microsoft data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97158, EPSS Percentile is 0.99692

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 8. CVE-2021-34473, CVE-2021-34523, CVE-2021-31207: Microsoft Exchange Server RCE (ProxyShell)
Vulnerability Trending Over Years: 2021, 2022, 2023 (39 times)
It was exploited by 12 Malware, 20 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 2, 2023.
Qualys Vulnerability Detection (QID): 50114, 50111, 50112
Included in the “Top 12 Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
ProxyShell is a chain of vulnerabilities that impacts on-premises Microsoft Exchange Server, which is widely used for email and associated services globally. These vulnerabilities exist in the Microsoft Client Access Service (CAS), typically running on port 443 in IIS, often exposed to the internet to allow users to access their email remotely. This exposure has led to widespread exploitation by threat actors deploying web shells to execute arbitrary code on compromised devices. They allow an actor to bypass authentication and execute code as a privileged user.

16. Remote Code Execution - Microsoft Silverlight (CVE-2013-0074) - Urgent [904]

Description: Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access, [zdt] Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access, [zdt] Microsoft Silverlight - ScriptObject Unsafe Memory Access (MS13-022/MS13-087) Exploit, [seebug] MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access, [metasploit] MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access, [packetstorm] Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access, [exploitdb] Microsoft Internet Explorer - COALineDashStyleArray Unsafe Memory Access (MS12-022) (Metasploit), [exploitdb] Microsoft Silverlight - ScriptObject Unsafe Memory Access (MS13-022/MS13-087) (Metasploit))
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.5 | 14 | Microsoft Silverlight
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.96731, EPSS Percentile is 0.9951

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 13. CVE-2013-0074: Microsoft Silverlight Could Allow Remote Code Execution
Vulnerability Trending Over Years: 2023 (8 times)
It was exploited by 62 Malware and 50 Ransomware and was trending in the wild as recently as August 20, 2023.
Qualys Vulnerability Detection (QID): 90870
CVE-2013-0074 is a remote code execution vulnerability in Microsoft Silverlight, which permits a crafted Silverlight application to access memory unsafely, thereby leading to the execution of arbitrary code under the current user’s security context. If the user has admin rights, the attacker can install programs, alter or delete data, or create new accounts with full privileges. The user can be deceived into visiting a malicious website or clicking on a link, commonly through an email or instant message.

17. Authentication Bypass - Oracle WebLogic Server (CVE-2019-2725) - Urgent [891]

Description: Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution, [saint] Oracle WebLogic Server deserialization remote code execution, [saint] Oracle WebLogic Server deserialization remote code execution, [saint] Oracle WebLogic Server deserialization remote code execution, [zdt] Oracle #Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution Exploit #RCE, [zdt] Oracle Weblogic Server Deserialization Remote Code Execution Exploit, [packetstorm] Oracle Weblogic Server Deserialization Remote Code Execution, [metasploit] Oracle Weblogic Server Deserialization RCE - AsyncResponseService, [exploitdb] Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit), [exploitdb] Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution)
Criticality of Vulnerability Type | 0.95 | 15 | Authentication Bypass
Vulnerable Product is Common | 0.4 | 14 | Unified and extensible platform for developing, deploying and running enterprise applications
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97571, EPSS Percentile is 0.99998

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 18. CVE-2019-2725: Oracle WebLogic Affected by Unauthenticated RCE Vulnerability
Vulnerability Trending Over Years: 2019, 2020, 2022, 2023 (53 times)
It was exploited by 10 Malware, 4 Threat Actors, 9 Ransomware and was trending in the wild as recently as September 4, 2023.
Qualys Vulnerability Detection (QID): 150267, 87386
CVE-2019-2725 is a severe remote code execution vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to execute arbitrary code over a network without user interaction. It was quickly weaponized to install cryptocurrency miners.

18. Denial of Service - Oracle Java SE (CVE-2012-0507) - Urgent [879]

Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([saint] Java SE AtomicReferenceArray Unsafe Security Bypass, [saint] Java SE AtomicReferenceArray Unsafe Security Bypass, [saint] Java SE AtomicReferenceArray Unsafe Security Bypass, [saint] Java SE AtomicReferenceArray Unsafe Security Bypass, [seebug] Oracle Java SE i18n subcomponent remote security vulnerability, [seebug] Java AtomicReferenceArray Type Violation Vulnerability, [seebug] IBM Rational AppScan 8.x/7.x multiple security vulnerabilities, [packetstorm] Java AtomicReferenceArray Type Violation, [canvas] Immunity Canvas: JAVA_ATOMICREFERENCEARRAY, [metasploit] Java AtomicReferenceArray Type Violation Vulnerability, [exploitdb] Java - AtomicReferenceArray Type Violation (Metasploit))
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service
Vulnerable Product is Common | 0.6 | 14 | Oracle Java SE
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97336, EPSS Percentile is 0.99819

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 14. CVE-2012-0507: Oracle Java SE Remote Java Runtime Environment Vulnerability
Vulnerability Trending Over Years: 2023 (10 times)
It was exploited by 66 Malware, 3 Threat Actors, and 42 Ransomware and was trending in the wild as recently as July 26, 2023.
Qualys Vulnerability Detection (QID): 119956
CVE-2012-0507 is a critical vulnerability in the Java Runtime Environment (JRE) allowing untrusted Java applets to execute arbitrary code outside the Java sandbox. Originating from a flaw in the AtomicReferenceArray class implementation, this vulnerability was exploited by the Flashback Trojan in 2012. It was observed to have led to one of the most significant known malware attacks on Apple devices. Attackers can exploit this vulnerability by tricking users into visiting a malicious website hosting a Java applet.

19. Elevation of Privilege - Netlogon Remote Protocol (CVE-2020-1472) - Urgent [877]

Description: An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, CISA object, CISA object, CISA object), AttackerKB, AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([metasploit] Netlogon Weak Cryptographic Authentication, [zdt] ZeroLogon - Netlogon Elevation of Privilege Exploit, [packetstorm] Zerologon Netlogon Privilege Escalation, [exploitdb] ZeroLogon - Netlogon Elevation of Privilege)
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | The Netlogon Remote Protocol is a remote procedure call (RPC) interface that is used for user and machine authentication on domain-based networks
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 10.0. According to Microsoft data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97369, EPSS Percentile is 0.99847

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 5. CVE-2020-1472: Zerologon – An Unauthenticated Privilege Escalation to Full Domain Privileges
Vulnerability Trending Over Years: 2020, 2021, 2022, 2023 (56 times)
It was exploited by 18 Malware, 16 Threat Actors, 11 Ransomware and was trending in the wild as recently as September 4, 2023.
Qualys Vulnerability Detection (QID): 91680
Included in the “Additional Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
CVE-2020-1472, or Zerologon, is a severe vulnerability in Microsoft’s Netlogon Remote Protocol due to a flawed implementation of AES-CFB8 encryption. Using a fixed initialization vector and accepting unencrypted sessions allows an attacker to impersonate a server and compromise the entire Windows domain. The attacker takes control over all the Active Directory identity services.
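The comment above names the root cause of Zerologon as AES-CFB8 with a fixed initialization vector. The Python below is an added example, not code from Qualys, Vulristics or Microsoft, that shows why that combination breaks: with an all-zero IV and an all-zero plaintext, the first ciphertext byte is just the first byte of E_k(0^16); for the one key in 256 where that byte is 0x00, the CFB8 shift register stays all-zero and every later ciphertext byte is 0x00 as well, so an all-zero "credential" is accepted without knowledge of the key. The block cipher is a stand-in (HMAC-SHA256 truncated to 16 bytes) rather than AES, which is sound here because CFB mode only ever calls the cipher's forward direction; the keys it iterates over are constructed test values, not Netlogon session keys.

```python
"""CFB8 with a fixed all-zero IV: the cryptographic core of Zerologon (CVE-2020-1472).

Added example, not code from Qualys, Vulristics or Microsoft. block_encrypt() is a
stand-in keyed function (HMAC-SHA256 truncated to 16 bytes), not AES; CFB mode only
uses the block cipher's forward direction, so the CFB8 behaviour shown is identical
for AES-CFB8. Every key below is a constructed test value, not a Netlogon session key.
"""
import hashlib
import hmac

BLOCK = 16  # AES block size in bytes
ZERO_IV = bytes(BLOCK)  # the fixed IV the vulnerable implementation used


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES encryption of one 16-byte block (keyed PRF, forward direction only)."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB8: each plaintext byte is XORed with the first byte of E_k(shift register);
    the register then drops its oldest byte and appends the new ciphertext byte."""
    assert len(iv) == BLOCK
    shift = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, bytes(shift))[0]
        out.append(c)
        shift = shift[1:] + bytes([c])
    return bytes(out)


def cfb8_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Inverse of cfb8_encrypt: same keystream byte, register fed with the ciphertext byte."""
    assert len(iv) == BLOCK
    shift = bytearray(iv)
    out = bytearray()
    for c in ciphertext:
        out.append(c ^ block_encrypt(key, bytes(shift))[0])
        shift = shift[1:] + bytes([c])
    return bytes(out)


def accepts_zero_credential(key: bytes, n: int = 8) -> bool:
    """Zerologon condition: with IV = 0 and an all-zero n-byte input, is the output all zero?
    True exactly when E_k(0^16)[0] == 0x00: the first ciphertext byte is then 0, the shift
    register stays all-zero, and every later byte is 0 too (probability 1/256 per key)."""
    return cfb8_encrypt(key, ZERO_IV, bytes(n)) == bytes(n)


def make_key(i: int) -> bytes:
    """Constructed 16-byte test key number i (not a real session key)."""
    return i.to_bytes(BLOCK, "big")


def find_weak_key(limit: int = 1 << 16) -> bytes:
    """First constructed key in 0..limit-1 that accepts an all-zero credential.
    With a 1/256 chance per key this normally takes a few hundred tries."""
    for i in range(limit):
        if accepts_zero_credential(make_key(i)):
            return make_key(i)
    raise RuntimeError("no weak key in range")  # probability about (255/256)**limit


def acceptance_rate(samples: int = 8192) -> float:
    """Fraction of constructed keys that accept an all-zero credential; expect about 1/256."""
    hits = sum(accepts_zero_credential(make_key(i)) for i in range(samples))
    return hits / samples


if __name__ == "__main__":
    weak = find_weak_key()
    print("weak key            :", weak.hex())
    print("E_k(0^16)[0]        :", block_encrypt(weak, ZERO_IV)[:1].hex())
    print("cfb8(zero IV, 8x00) :", cfb8_encrypt(weak, ZERO_IV, bytes(8)).hex())
    fresh_iv = hashlib.sha256(b"constructed per-session IV").digest()[:BLOCK]
    print("cfb8(fresh IV, 8x00):", cfb8_encrypt(weak, fresh_iv, bytes(8)).hex())
    print("acceptance rate     :", acceptance_rate())
```

The point for a practitioner is the last line of the output: roughly 0.4% of keys accept an all-zero input, so an attacker who is allowed to retry unauthenticated Netlogon handshakes needs on average 256 attempts, and no key recovery at all. A per-session random IV removes the property, because the first keystream byte then depends on a value the attacker does not control.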

20. Elevation of Privilege - Microsoft Exchange (CVE-2021-34523) - Urgent [865]

Description: Microsoft Exchange Server Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-33768, CVE-2021-34470.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (CISA object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Microsoft Exchange ProxyShell Remote Code Execution, [metasploit] Microsoft Exchange ProxyShell RCE)
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
CVSS Base Score | 0.9 | 10 | CVSS Base Score is 9.0. According to Microsoft data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97368, EPSS Percentile is 0.9984

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 8. CVE-2021-34473, CVE-2021-34523, CVE-2021-31207: Microsoft Exchange Server RCE (ProxyShell)
Vulnerability Trending Over Years: 2021, 2022, 2023 (39 times)
It was exploited by 12 Malware, 20 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 2, 2023.
Qualys Vulnerability Detection (QID): 50114, 50111, 50112
Included in the “Top 12 Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
ProxyShell is a chain of vulnerabilities that impacts on-premises Microsoft Exchange Server, which is widely used for email and associated services globally. These vulnerabilities exist in the Microsoft Client Access Service (CAS), typically running on port 443 in IIS, often exposed to the internet to allow users to access their email remotely. This exposure has led to widespread exploitation by threat actors deploying web shells to execute arbitrary code on compromised devices. They allow an actor to bypass authentication and execute code as a privileged user.

21. Path Traversal - Citrix Application Delivery Controller (CVE-2019-19781) - Urgent [842]

Description: An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, CISA object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Citrix Application Delivery Controller / Gateway Remote Code Execution, [packetstorm] Citrix Application Delivery Controller / Gateway Remote Code Execution / Traversal, [packetstorm] Citrix Application Delivery Controller / Gateway 10.5 Remote Code Execution, [packetstorm] Citrix ADC / Gateway Path Traversal, [packetstorm] Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution, [exploitpack] Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution, [exploitpack] Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit), [exploitpack] Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal, [exploitpack] Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC), [zdt] Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Exploit, [zdt] Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution Vulnerability (1), [zdt] Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution Exploit, [metasploit] Citrix ADC (NetScaler) Directory Traversal Scanner, [metasploit] Citrix ADC (NetScaler) Directory Traversal RCE, [canvas] Immunity Canvas: NETSCALER_TRAVERSAL_RCE, [exploitdb] Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC), [exploitdb] Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution, [exploitdb] Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit), [exploitdb] Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal)
Criticality of Vulnerability Type | 0.4 | 15 | Path Traversal
Vulnerable Product is Common | 0.7 | 14 | Citrix Application Delivery Controller (ADC) is an advanced load balancer with features that enhance the performance of applications
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97541, EPSS Percentile is 0.9999

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 15. CVE-2019-19781: Citrix ADC and Citrix Gateway – Remote Code Execution (RCE) Vulnerability
Vulnerability Trending Over Years: 2020, 2022, 2023 (60 times)
It was exploited by 11 Malware, 12 Threat Actors, and 10 Ransomware and was trending in the wild as recently as September 4, 2023.
Qualys Vulnerability Detection (QID): 372305, 150273
Included in the “Additional Routinely Exploited Vulnerabilities in 2022” list published by CISA earlier.
CVE-2019-19781, or “Shitrix,” is a significant vulnerability associated with Citrix Application Delivery Controller (ADC) and Citrix Gateway, allowing unauthenticated attackers to perform arbitrary code execution, granting them access to internal network resources. The flaw resides in the VPN component of the affected products, enabling directory traversal and giving attackers both read and write access to the underlying file system.

22. Path Traversal - FortiOS (CVE-2018-13379) - Urgent [809]

Description: An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object, CISA object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit), [exploitpack] FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure, [packetstorm] FortiOS 5.6.7 / 6.0.4 Credential Disclosure, [packetstorm] FortiOS 5.6.7 / 6.0.4 Credential Disclosure, [zdt] FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit (2), [zdt] FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit, [dsquare] Fortinet FortiGate SSL VPN File Disclosure, [exploitdb] Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure, [exploitdb] Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit))
Criticality of Vulnerability Type | 0.4 | 15 | Path Traversal
Vulnerable Product is Common | 0.5 | 14 | FortiOS is Fortinet's operating system used in their hardware, such as the Fortigate firewall and switches
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97486, EPSS Percentile is 0.99952

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 19. CVE-2018-13379: Fortinet FortiGate (FortiOS) System File Leak through Secure Sockets Layer (SSL). Vulnerability Trending Over Years: 2020, 2021, 2023 (41 times). It was exploited by 6 Malware, 13 Threat Actors, 6 Ransomware and was trending in the wild as recently as August 30, 2023. Qualys Vulnerability Detection (QID): 43702. It is also in the “Top 12 Routinely Exploited Vulnerabilities in 2022” list, published by CISA earlier. CVE-2018-13379 is a path traversal vulnerability found in the Fortinet FortiOS SSL VPN web portal. An unauthenticated attacker can read sensitive system files via specially crafted HTTP requests. The exploit could expose SSL VPN session data, leading to more severe attacks.

Critical (2)

23. Unknown Vulnerability Type - Oracle Java SE (CVE-2012-1723) - Critical [754]

Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. (Identical text from the NVD and Vulners data sources; no Microsoft, EPSS or AttackerKB description available.)

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites
Public Exploit Exists | 1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Java Applet Field Bytecode Verifier Cache Remote Code Execution, [saint] Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion, [saint] Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion, [saint] Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion, [saint] Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion, [metasploit] Java Applet Field Bytecode Verifier Cache Remote Code Execution, [packetstorm] Java Applet Field Bytecode Verifier Cache Remote Code Execution, [exploitdb] Java Applet - Field Bytecode Verifier Cache Remote Code Execution (Metasploit))
Criticality of Vulnerability Type | 0 | 15 | Unknown Vulnerability Type
Vulnerable Product is Common | 0.6 | 14 | Oracle Java SE
CVSS Base Score | 1.0 | 10 | CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.9716, EPSS Percentile is 0.99707

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 7. CVE-2012-1723: Java Applet Field Bytecode Verifier Cache Remote Code Execution. Vulnerability Trending Over Years: 2023 (6 times). It was exploited by 91 Malware, 8 Threat Actors, 41 Ransomware and was trending in the wild as recently as August 17, 2023. Qualys Vulnerability Detection (QID): 120274. CVE-2012-1723 is a substantial vulnerability found in the Java Runtime Environment. It can be exploited through a malicious web page hosting a rogue Java applet. The issue, originating from a type-confusion error in the “HotSpot” component, allows untrusted Java applets or applications to bypass the Java sandbox security restrictions and execute arbitrary code on a user’s system.

24. Remote Code Execution - Microsoft Office (CVE-2018-0802) - Critical [740]

Description: Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.

Component | Value | Weight | Comment
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB, Microsoft websites
Public Exploit Exists | 0 | 17 | The exploit's existence is NOT mentioned on Vulners and Microsoft websites.
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution
Vulnerable Product is Common | 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
CVSS Base Score | 0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile | 1.0 | 10 | EPSS Probability is 0.97389, EPSS Percentile is 0.99869

Comment: Qualys Top 20 Most Exploited Vulnerabilities: 16. CVE-2018-0802: Microsoft Office Memory Corruption Vulnerability. Vulnerability Trending Over Years: 2021, 2022, 2023 (19 times). Exploited by 29 Malware, 24 Threat Actors, and was trending in the wild as recently as September 2, 2023. Qualys Vulnerability Detection (QID): 110310. CVE-2018-0802 is a critical vulnerability within Microsoft Office and WordPad, which, if exploited, allows remote code execution via specially crafted files. Attackers can run arbitrary code in the current user’s context, potentially taking over the system if the user holds administrative rights. This vulnerability was notably used in targeted attacks and was being actively exploited before Microsoft released a security update in January 2018 that correctly handles objects in memory, resolving the issue.

High (0)

Medium (0)

Low (0)

Exploitation in the wild detected (24)

Remote Code Execution (15)

Arbitrary File Reading (1)

Security Feature Bypass (1)

Authentication Bypass (1)

Denial of Service (1)

Elevation of Privilege (2)

Path Traversal (2)

Unknown Vulnerability Type (1)

Public exploit exists, but exploitation in the wild is NOT detected (0)

Other Vulnerabilities (0)