FortiClient VulnerabilityInternet Explorer CVE-2018-8619 Remote Code Execution Vulnerability
Description
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the current user). In a web-based attack scenario, an attacker could host a website in an attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. The update addresses the vulnerability by fixing how the Internet Explorer VBScript execution policy validates embedded VBScript content.
Affected Applications
Internet Explorer 9
Internet Explorer 11
Internet Explorer 10
CVE References
CVE-2018-8619Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8619| ID | 56046 |
| Created | Dec 11, 2018 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Internet Explorer 9 , Internet Explorer 11 , Internet Explorer 10 |