CVE-2018-0824
HIGH KEVMicrosoft Windows 10 1507 - Insecure Deserialization
Title source: ruleDescription
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Exploits (2)
References (5)
Core 5
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0824
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040848
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44906/
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104030
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824
Scores
CVSS v3
8.8
EPSS
0.9064
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2024-08-05
VulnCheck KEV
2024-08-01
InTheWild.io
2024-08-05
ENISA EUVD
EUVD-2018-1629
CWE
CWE-502
Status
published
Products (15)
microsoft/windows_10_1507
microsoft/windows_10_1607
microsoft/windows_10_1703
microsoft/windows_10_1709
microsoft/windows_10_1803
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_1709
microsoft/windows_server_1803
... and 5 more
Published
May 09, 2018
KEV Added
Aug 05, 2024
Tracked Since
Feb 18, 2026