Security Updates for Microsoft Publisher Products (June 2018)

High Nessus Plugin ID 110500

Synopsis

The Microsoft Publisher Products are missing a security update.

Description

The Microsoft Publisher Products are missing a security update. It is, therefore, affected by the following vulnerability :

- An elevation of privilege vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone. (CVE-2018-8245)

Solution

Microsoft has released KB4011186 to address this issue.

See Also

http://www.nessus.org/u?21387e8c

Plugin Details

Severity: High

ID: 110500

File Name: smb_nt_ms18_jun_publisher.nasl

Version: 1.3

Type: local

Agent: windows

Published: 2018/06/12

Modified: 2018/06/14

Dependencies: 57033, 27524, 13855

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSSv3

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:publisher

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 2018/06/12

Vulnerability Publication Date: 2018/06/12

Reference Information

CVE: CVE-2018-8245

MSKB: 4011186

MSFT: MS18-4011186

IAVA: 2018-A-0191