CVE-2018-8174
ENISA EUVD: EUVD-2018-19844
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
7 articles
EPSS Score
Source: FIRST.org · 2026-05-24
This CVE has a 94.28% probability of being exploited in the next 30 days.
Top 99.9th percentile of all CVEs
CVSS v3.1
Source: NVD
7.5
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
Project Zero: Use-after-free in VBScriptClass::Release
Affected Products
Attack Intelligence
Google Project Zero
Patched
May 8, 2018
Reported by
Dan Lutas of Bitdefender, Ding Maoyin of Qihoo 360 Core Security, Anton Ivanov of Kaspersky Lab, Song Shenlei of Qihoo 360 Core Security, Anonymous working with Trend Micro's Zero Day Initiative, Simon Zuckerbraun working with Trend Micro's Zero Day Initiative, Yang Kang of Qihoo 360 Core Security, Jinquan of Qihoo 360 Core Security, Vladislav Stolyarov of Kaspersky Lab
Root Cause Analysis
???
Exploits & PoC
0x09AL/CVE-2018-8174-msf
CVE-2018-8174 - VBScript memory corruption exploit.
169
Yt1g3r/CVE-2018-8174_EXP
CVE-2018-8174_python
141
ruthlezs/ie11_vbscript_exploit
Exploit Generator for CVE-2018-8174 & CVE-2019-0768 (RCE via VBScript Execution in IE11)
9
SyFi/CVE-2018-8174
MS Word MS WordPad via IE VBS Engine RCE
7
likekabin/CVE-2018-8174-msf
PoC CVE-2018-8174 — likekabin/CVE-2018-8174-msf
0
ericisnotrealname/CVE-2018-8174_EXP
PoC CVE-2018-8174 — ericisnotrealname/CVE-2018-8174_EXP
0
6 repos, sorted by ⭐
Qualys Top 20 Most Exploited Vulnerabilities
Qualys
Sep 04, 2023
Microsoft May 2018 Patch Tuesday Fixes 67 Security Issues, Including IE Zero-Day
BleepingComputer
May 08, 2018
Zero-Day In Microsoft's VBScript Engine Used By Darkhotel APT
BleepingComputer
Aug 18, 2018
That IE Zero-Day From May Needed a Second Patch in July
BleepingComputer
Jul 23, 2018
Microsoft Patches Two Zero-Day Flaws Under Active Attack
TheHackerNews
IE Zero-Day Adopted by RIG Exploit Kit After Publication of PoC Code
BleepingComputer
Jun 01, 2018
Signal Intelligence
Confidence
95%
EPSS
94.28%
CVSS v3.1
7.5
Mentions
7
Last Seen
Sep 04, 2023
CNA Information
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Threat Actors 50
MuddyWater
apt_group
Information theft and espionage
🇮🇷 IR
Lazarus Group
apt_group
Information theft and espionage
🇰🇵 KP
Turla Group
apt_group
Information theft and espionage
Russian Federation
APT 29
apt_group
Information theft and espionage
🇷🇺 RU
DarkHotel
apt_group
Information theft and espionage
🇰🇷 KR
Cobalt
apt_group
Financial crime
🇷🇺 RU
APT37
apt_group
Information theft and espionage
🇰🇵 KP
FIN7
apt_group
Financial crime
🇷🇺 RU
APT32
apt_group
Information theft and espionage
🇻🇳 VN
CHRYSENE
apt_group
Information theft and espionage
🇮🇷 IR
Careto
apt_group
Information theft and espionage
🇪🇸 ES
Leviathan
apt_group
Information theft and espionage
🇨🇳 CN
BelialDemon
apt_group
🇷🇺 RU
Energetic Bear
apt_group
Information theft and espionage
🇷🇺 RU
FusionCore
apt_group
🇪🇺 EU
Nitro
apt_group
Information theft and espionage
🇨🇳 CN
MAGNALLIUM
apt_group
Sabotage and destruction
🇮🇷 IR
Ice Fog
apt_group
Information theft and espionage
🇨🇳 CN
DNSpionage
apt_group
Information theft and espionage
🇮🇷 IR
Kinsing
apt_group
🇷🇺 RU
HAZY TIGER
apt_group
Information theft and espionage
🇮🇳 IN
Infy
apt_group
Information theft and espionage
🇮🇷 IR
Naikon
apt_group
Information theft and espionage
🇨🇳 CN
Wekby
apt_group
Information theft and espionage
🇨🇳 CN
Evilnum
apt_group
Information theft and espionage
TeamTNT
apt_group
🇩🇪 DE
ProjectSauron
apt_group
Information theft and espionage
🇺🇸 US
Camaro Dragon
apt_group
Information theft and espionage
🇨🇳 CN
Predatory Sparrow
apt_group
Sabotage and destruction
🇮🇱 IL
PROMETHIUM
apt_group
Information theft and espionage
🇹🇷 TR
TA428
apt_group
Information theft and espionage
🇨🇳 CN
Silence group
apt_group
Financial crime
🇷🇺 RU
Pirate Panda
apt_group
Information theft and espionage
🇨🇳 CN
GhostNet
apt_group
Information theft and espionage
🇨🇳 CN
RAZOR TIGER
apt_group
Information theft and espionage
🇮🇳 IN
Putter Panda
apt_group
Information theft and espionage
🇨🇳 CN
NetTraveler
apt_group
Information theft and espionage
🇨🇳 CN
El Machete
apt_group
Information theft and espionage
🇻🇪 VE
TeamXRat
apt_group
🇧🇷 BR
IXESHE
apt_group
Information theft and espionage
🇨🇳 CN
Anchor Panda
apt_group
Information theft and espionage
🇨🇳 CN
GCMAN
apt_group
Financial crime
🇷🇺 RU
PowerPool
apt_group
Information theft and espionage
🇷🇺 RU
Blue Termite
apt_group
Information theft and espionage
🇨🇳 CN
Blackgear
apt_group
Information theft and espionage
🇨🇳 CN
GC01
apt_group
Financial gain
🇨🇦 CA
Rocke
apt_group
🇨🇳 CN
RedAlpha
apt_group
Information theft and espionage
🇨🇳 CN
Scarab
apt_group
Information theft and espionage
🇨🇳 CN
ZooPark
apt_group
Information theft and espionage
🇮🇷 IR
Triage Info
Decided at: Mar 05, 2026