CVE-2018-8349

HIGH

Microsoft COM for Windows - RCE

Title source: llm

Description

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104984

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041466

[Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8349

Scores

CVSS v3 8.8

EPSS 0.3126

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (16)

microsoft/windows_10

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2012

microsoft/windows_server_2016

... and 1 more

Timeline

Published Aug 15, 2018

Tracked Since Feb 18, 2026