Vulnerabilities > CVE-2018-8531 - Out-of-bounds Write vulnerability in Microsoft products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

microsoft

CWE-787

NVD

Published: 2018-10-10

Updated: 2020-08-24

Summary

A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka "Azure IoT Device Client SDK Memory Corruption Vulnerability." This affects Hub Device Client SDK, Azure IoT Edge.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Azure Internet OF Things Edge - Microsoft Csharp Software Development KIT *	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

The Hacker News

id	THN:C3FF55EFF6D358D430A376476FE270D4
last seen	2018-10-09
modified	2018-10-09
published	2018-10-09
reporter	The Hacker News
source	https://thehackernews.com/2018/10/microsoft-windows-update.html
title	Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

The Hacker News

References