Vulnerabilities > CVE-2018-8531 - Out-of-bounds Write vulnerability in Microsoft products

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

microsoft

CWE-787

critical

NVD

Published: 2018-10-10

Updated: 2020-08-24

Summary

A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Azure Internet OF Things Edge - Microsoft Csharp Software Development KIT *	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

The Hacker News

id	THN:C3FF55EFF6D358D430A376476FE270D4
last seen	2018-10-09
modified	2018-10-09
published	2018-10-09
reporter	The Hacker News
source	https://thehackernews.com/2018/10/microsoft-windows-update.html
title	Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

The Hacker News

References