{"containers": {"cna": {"affected": [{"product": "Microsoft JET Database Engine", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"}]}], "datePublic": "2017-10-10T00:00:00", "descriptions": [{"lang": "en", "value": "The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8717."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-14T09:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8718"}, {"name": "101162", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101162"}, {"name": "1039527", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039527"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2017-10-10T00:00:00", "ID": "CVE-2017-8718", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft JET Database Engine", "version": {"version_data": [{"version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8717."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8718", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8718"}, {"name": "101162", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101162"}, {"name": "1039527", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039527"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-8718", "datePublished": "2017-10-10T00:00:00", "dateReserved": "2017-05-03T00:00:00", "dateUpdated": "2017-10-14T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "7519928D-0FF2-4584-8058-4C7764CD5671", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "197E82CB-81AF-40F1-A55C-7B596891A783", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "matchCriteriaId": "80EB5690-B20F-457A-A202-FBADAA17E05C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8717."}, {"lang": "es", "value": "Microsoft JET Database Engine en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1 y RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que un atacante tome el control de un sistema afectado debido a c\u00f3mo gestiona objetos en la memoria, lo que tambi\u00e9n se conoce como\"Microsoft JET Database Engine Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2017-8717."}], "id": "CVE-2017-8718", "lastModified": "2017-10-20T12:41:50.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-13T13:29:02.347", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101162"}, {"source": "secure@microsoft.com", "tags": ["VDB Entry", "Third Party Advisory"], "url": "http://www.securitytracker.com/id/1039527"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8718"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}