Researchers have come across a new exploit in the wild that takes advantage of the previously reported and patched use-after-free vulnerability CVE-2018-8373 that was found in Microsoft’s Intenet Explorer.
Trend Micro found those using older versions of Internet Explorer are vulnerable. The difference between CVE-2018-8373, which was patched in August, is that instead of modifying the CONTEXT structure of NtContinue to execute shellcode "new sample obtains execution permission from Shell.Application by modifying the SafeMode flag in the VBScript Engine" in a manner similar to that of the older vulnerabilities CVE-2014-6332 and CVE-2016-0189.
According to a Microsoft’s advisory on CVE-2018-8373, attackers can exploit the bug to execute arbitrary code and gain the same rights as the current user. If that user has admin privileges, then the attackers could hijack the affected system and subsequently install programs, view or alter data, or create new accounts with full user rights.