CVE-2018-8495

HIGH

Windows Shell - RCE

Title source: llm

Description

A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

Exploits (1)

nomisec WRITEUP 11 stars

by whereisr0da · poc

https://github.com/whereisr0da/CVE-2018-8495-POC

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://leucosite.com/Microsoft-Edge-RCE/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105461

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8495

Scores

CVSS v3 7.5

EPSS 0.5891

EPSS Percentile 98.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (7)

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_server_2016

microsoft/windows_server_2016 1709

microsoft/windows_server_2016 1803

Published Oct 10, 2018

Tracked Since Feb 18, 2026