CVE-2018-8414

HIGH KEV

Windows Shell < - RCE

Title source: llm

Description

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

Exploits (1)

nomisec WRITEUP 22 stars

by whereisr0da · client-side

https://github.com/whereisr0da/CVE-2018-8414-POC

View Code ZIP pw:eip

References (4)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105016

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041458

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8414

Scores

CVSS v3 8.8

EPSS 0.8793

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25

VulnCheck KEV 2018-08-14

InTheWild.io 2018-08-14

ENISA EUVD EUVD-2018-20051

CWE

CWE-20

Status published

Products (5)

microsoft/windows_10_1703 (2 CPE variants)

microsoft/windows_10_1709 (2 CPE variants)

microsoft/windows_10_1803 (2 CPE variants)

microsoft/windows_server_1709

microsoft/windows_server_1803

Published Aug 15, 2018

KEV Added Mar 25, 2022

Tracked Since Feb 18, 2026