Security Updates for Microsoft Publisher Products (June 2018)

High Nessus Plugin ID 110500


The Microsoft Publisher Products are missing a security update.


The Microsoft Publisher Products are missing a security update. It is, therefore, affected by the following vulnerability :

- An elevation of privilege vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone. (CVE-2018-8245)


Microsoft has released KB4011186 to address this issue.

See Also

Plugin Details

Severity: High

ID: 110500

File Name: smb_nt_ms18_jun_publisher.nasl

Version: 1.3

Type: local

Agent: windows

Published: 2018/06/12

Updated: 2018/06/14

Dependencies: 13855, 27524, 57033

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:publisher

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 2018/06/12

Vulnerability Publication Date: 2018/06/12

Reference Information

CVE: CVE-2018-8245

MSKB: 4011186

MSFT: MS18-4011186

IAVA: 2018-A-0191