How severe is CVE-2018-8284?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2018-8284?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2018-8284

HIGH Year: 2018

CVSS v3 Score

8.1

High

CVSS v2 Score

9.3

Critical

Weakness Type

CWE-94

View all →

Vulnerability Description

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

CVE-2009-2529

HIGH

CVSS:8.1(High)

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted H...

CWE-942009

CVE-2010-0248

HIGH

CVSS:8.1(High)

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly init...

CWE-942010

CVE-2010-0492

HIGH

CVSS:8.1(High)

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and des...

CWE-942010

CVE-2012-1879

HIGH

CVSS:8.1(High)

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "i...

CWE-942012

CVE-2013-0810

HIGH

CVSS:8.1(High)

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, ak...

CWE-942013

CVE-2013-2115

HIGH

CVSS:8.1(High)

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A...

CWE-942013

CVE-2018-8284

Vulnerability Description

Related Vulnerabilities

CVE-2009-2529

CVE-2010-0248

CVE-2010-0492

CVE-2012-1879

CVE-2013-0810

CVE-2013-2115