CVE-2018-8414

HIGH KEV

Windows 10 1703, 1709, 1803 and Windows Server 1709, 1803 - Remote Code Execution via Improper File Path Validation

Title source: llm

Exploitation Summary

CVE-2018-8414 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022. EIP tracks 1 public exploit from researchers including whereisr0da.

AI-analyzed exploit summary: This repository provides a writeup for CVE-2018-8414, a Windows Shell Package Setting Remote Code Execution Vulnerability affecting Windows 10 and Server versions 1703 to 1803. It includes details on exploitation conditions and references to Microsoft's advisory.

Description

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

Exploits (1)

nomisec WRITEUP 22 stars
by whereisr0da · client-side
https://github.com/whereisr0da/CVE-2018-8414-POC


Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Windows 10 Version 1703 to 1803, Windows Server Version 1709 to 1803
No auth needed
Prerequisites: Access to the target system's file system · Ability to place a malicious file in the Package Settings directory
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105016
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041458

Scores

CVSS v3 8.8
EPSS 0.7397
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-25
VulnCheck KEV 2018-08-14
InTheWild.io 2018-08-14
ENISA EUVD EUVD-2018-20051
CWE CWE-20
Status published
Products (5)
microsoft/windows_10_1703 (2 CPE variants)
microsoft/windows_10_1709 (2 CPE variants)
microsoft/windows_10_1803 (2 CPE variants)
microsoft/windows_server_1709
microsoft/windows_server_1803
Published Aug 15, 2018
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026