CVE-2018-0824

HIGH KEV

Microsoft Windows - Remote Code Execution via Untrusted Object Deserialization

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-0824 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 5, 2024. EIP tracks 2 public exploits from researchers including Code White, codewhitesec.

AI-analyzed exploit summary The provided content is a technical writeup discussing CVE-2018-0824, a vulnerability in Microsoft COM for Windows related to improper handling of serialized objects. It includes a link to a detailed analysis and a proof-of-concept exploit hosted externally.

Description

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Exploits (2)

exploitdb WRITEUP
by Code White · textlocalwindows
https://www.exploit-db.com/exploits/44906

The provided content is a technical writeup discussing CVE-2018-0824, a vulnerability in Microsoft COM for Windows related to improper handling of serialized objects. It includes a link to a detailed analysis and a proof-of-concept exploit hosted externally.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft COM for Windows
No auth needed
Prerequisites: User interaction to open a specially crafted file
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 88 stars
by codewhitesec · local
https://github.com/codewhitesec/UnmarshalPwn

This repository contains a proof-of-concept exploit for CVE-2018-0824, a deserialization vulnerability in Microsoft COM for Windows. The exploit demonstrates how to manipulate the unmarshaling process to achieve arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft COM for Windows
No auth needed
Prerequisites: Access to a vulnerable Windows system with COM enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040848
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44906/
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104030

Scores

CVSS v3 8.8
EPSS 0.7347
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2024-08-05
VulnCheck KEV 2024-08-01
InTheWild.io 2024-08-05
ENISA EUVD EUVD-2018-1629
CWE
CWE-502
Status published
Products (15)
microsoft/windows_10_1507
microsoft/windows_10_1607
microsoft/windows_10_1703
microsoft/windows_10_1709
microsoft/windows_10_1803
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_1709
microsoft/windows_server_1803
... and 5 more
Published May 09, 2018
KEV Added Aug 05, 2024
Tracked Since Feb 18, 2026