### [CVE-2018-8174](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8174) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Servers&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%208.1&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20RT%208.1&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008%20R2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202008&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brighgreen) ### Description A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. ### POC #### Reference - https://blog.0patch.com/2018/05/a-single-instruction-micropatch-for.html - https://blog.0patch.com/2018/05/a-single-instruction-micropatch-for.html - https://www.exploit-db.com/exploits/44741/ - https://www.exploit-db.com/exploits/44741/ #### Github - https://github.com/0x09AL/CVE-2018-8174-msf - https://github.com/0xT11/CVE-POC - https://github.com/1120362990/Paper - https://github.com/14u9h/Test_script - https://github.com/1o24er/RedTeam - https://github.com/20142995/sectool - https://github.com/5l1v3r1/rtfkit - https://github.com/ARPSyndicate/cvemon - https://github.com/Al1ex/Red-Team - https://github.com/Apri1y/Red-Team-links - https://github.com/BugBlocker/lotus-scripts - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top - https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections - https://github.com/Echocipher/Resource-list - https://github.com/GhostTroops/TOP - https://github.com/HacTF/poc--exp - https://github.com/InQuest/yara-rules - https://github.com/JERRY123S/all-poc - https://github.com/KasperskyLab/VBscriptInternals - https://github.com/MrTcsy/Exploit - https://github.com/Ondrik8/RED-Team - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Panopticon-Project/panopticon-DarkHotel - https://github.com/RingLcy/VulnerabilityAnalysisAndExploit - https://github.com/SyFi/CVE-2018-8174 - https://github.com/Yt1g3r/CVE-2018-8174_EXP - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/avboy1337/Vulnerabilities - https://github.com/bb33bb/Vulnerabilities - https://github.com/cyberanand1337x/bug-bounty-2022 - https://github.com/dk47os3r/hongduiziliao - https://github.com/emtee40/APT_CyberCriminal_Campagin_Collections - https://github.com/eric-erki/APT_CyberCriminal_Campagin_Collections - https://github.com/ericisnotrealname/CVE-2018-8174_EXP - https://github.com/haginara/msrc-python - https://github.com/hasee2018/Safety-net-information - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/hongriSec/Growth-Diary - https://github.com/hudunkey/Red-Team-links - https://github.com/iwarsong/apt - https://github.com/jbmihoub/all-poc - https://github.com/joewux/Exploit - https://github.com/john-80/-007 - https://github.com/landscape2024/RedTeam - https://github.com/likescam/APT_CyberCriminal_Campagin_Collections - https://github.com/likescam/CVE-2018-8174-msf - https://github.com/likescam/CyberMonitor-APT_CyberCriminal_Campagin_Collections - https://github.com/lisinan988/CVE-2018-8174-exp - https://github.com/lnick2023/nicenice - https://github.com/lp008/Hack-readme - https://github.com/nobiusmallyu/kehai - https://github.com/orf53975/Rig-Exploit-for-CVE-2018-8174 - https://github.com/piotrflorczyk/cve-2018-8174_analysis - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qq431169079/HackTool - https://github.com/rusty-sec/lotus-scripts - https://github.com/ruthlezs/ie11_vbscript_exploit - https://github.com/slimdaddy/RedTeam - https://github.com/sumas/APT_CyberCriminal_Campagin_Collections - https://github.com/svbjdbk123/- - https://github.com/twensoo/PersistentThreat - https://github.com/washgo/HackTool - https://github.com/wateroot/poc-exp - https://github.com/weeka10/-hktalent-TOP - https://github.com/whiterabb17/TigerShark - https://github.com/wrlu/Vulnerabilities - https://github.com/xbl3/awesome-cve-poc_qazbnm456 - https://github.com/xiaoZ-hc/redtool - https://github.com/yut0u/RedTeam-BlackBox