9.3
CVE-2018-8414
- EPSS 87.83%
- Veröffentlicht 15.08.2018 17:29:10
- Zuletzt bearbeitet 04.04.2025 20:28:11
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1703 Version- HwPlatformx64
Microsoft ≫ Windows 10 1703 Version- HwPlatformx86
Microsoft ≫ Windows 10 1709 Version- HwPlatformx64
Microsoft ≫ Windows 10 1709 Version- HwPlatformx86
Microsoft ≫ Windows 10 1803 Version- HwPlatformx64
Microsoft ≫ Windows 10 1803 Version- HwPlatformx86
Microsoft ≫ Windows Server 1709 Version- HwPlatformx64
Microsoft ≫ Windows Server 1803 Version- HwPlatformx64
25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Shell Remote Code Execution Vulnerability
SchwachstelleA remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 87.83% | 0.995 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.