CVE-2018-8626
CRITICALWindows DNS Server - Remote Code Execution via Heap Overflow
Title source: llmDescription
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8626
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106076
Scores
CVSS v3
9.8
EPSS
0.2112
EPSS Percentile
97.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (9)
microsoft/windows_10
1607
microsoft/windows_10
1709
microsoft/windows_10
1803
microsoft/windows_10
1809
microsoft/windows_server_2012
r2
microsoft/windows_server_2016
microsoft/windows_server_2016
1709
microsoft/windows_server_2016
1803
microsoft/windows_server_2019
Published
Dec 12, 2018
Tracked Since
Feb 18, 2026