Security Updates for Microsoft Publisher Products (June 2018)

High Nessus Plugin ID 110500

Synopsis

The Microsoft Publisher Products are missing a security update.

Description

The Microsoft Publisher Products are missing a security
update. It is, therefore, affected by the following
vulnerability :

- An elevation of privilege vulnerability exists when
Microsoft Publisher fails to utilize features that lock
down the Local Machine zone when instantiating OLE
objects. An attacker who successfully exploited the
vulnerability could force arbitrary code to be executed
in the Local Machine zone. (CVE-2018-8245)

Solution

Microsoft has released KB4011186 to address this issue.

See Also

http://www.nessus.org/u?21387e8c

Plugin Details

Severity: High

ID: 110500

File Name: smb_nt_ms18_jun_publisher.nasl

Version: 1.3

Type: local

Agent: windows

Published: 2018/06/12

Modified: 2018/06/14

Dependencies: 57033, 27524, 13855

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:publisher

Patch Publication Date: 2018/06/12

Vulnerability Publication Date: 2018/06/12

Reference Information

CVE: CVE-2018-8245

MSKB: 4011186

MSFT: MS18-4011186

IAVA: 2018-A-0191