Is CVE-2018-0866 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Corporation Internet Explorer

CVE-2018-0866

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to…

EPSS: 0.668 (98.6th percentile) — read the EPSS interpretation.

Affected products

Microsoft Corporation Internet Explorer — versions Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

Public proof-of-concept exploits

References

103032 (vdb-entry, x_refsource_BID)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0866 (x_refsource_CONFIRM)
44153 (exploit, x_refsource_EXPLOIT-DB)
1040372 (vdb-entry, x_refsource_SECTRACK)
1040369 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2018-0866?: CVE-2018-0866 is a vulnerability in Microsoft Corporation Internet Explorer. Published 2018-02-15.
Is CVE-2018-0866 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.