CVE-2018-8495

HIGH

Windows 10 and Windows Server 2016 - Remote Code Execution via URI Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8495. PoCs published by whereisr0da.

AI-analyzed exploit summary This repository contains a README referencing a proof-of-concept for CVE-2018-8495, a Microsoft Edge Remote Code Execution vulnerability. It links to an external source for details but does not include actual exploit code.

Description

A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

Exploits (1)

nomisec WRITEUP 11 stars
by whereisr0da · poc
https://github.com/whereisr0da/CVE-2018-8495-POC

This repository contains a README referencing a proof-of-concept for CVE-2018-8495, a Microsoft Edge Remote Code Execution vulnerability. It links to an external source for details but does not include actual exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Theoretical
Reliability
Theoretical
Target: Microsoft Edge
No auth needed
Prerequisites: Victim must visit a malicious website using Microsoft Edge
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://leucosite.com/Microsoft-Edge-RCE/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105461

Scores

CVSS v3 7.5
EPSS 0.5580
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (7)
microsoft/windows_10 1607
microsoft/windows_10 1703
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_server_2016
microsoft/windows_server_2016 1709
microsoft/windows_server_2016 1803
Published Oct 10, 2018
Tracked Since Feb 18, 2026