CVE-2018-8626

CRITICAL

Windows DNS Server - Remote Code Execution via Heap Overflow

Title source: llm
STIX 2.1

Description

A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106076

Scores

CVSS v3 9.8
EPSS 0.2112
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (9)
microsoft/windows_10 1607
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_server_2012 r2
microsoft/windows_server_2016
microsoft/windows_server_2016 1709
microsoft/windows_server_2016 1803
microsoft/windows_server_2019
Published Dec 12, 2018
Tracked Since Feb 18, 2026