9.3
CVE-2018-8414
- EPSS 87.83%
- Published 15.08.2018 17:29:10
- Last modified 04.04.2025 20:28:11
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1703 Version- HwPlatformx64
Microsoft ≫ Windows 10 1703 Version- HwPlatformx86
Microsoft ≫ Windows 10 1709 Version- HwPlatformx64
Microsoft ≫ Windows 10 1709 Version- HwPlatformx86
Microsoft ≫ Windows 10 1803 Version- HwPlatformx64
Microsoft ≫ Windows 10 1803 Version- HwPlatformx86
Microsoft ≫ Windows Server 1709 Version- HwPlatformx64
Microsoft ≫ Windows Server 1803 Version- HwPlatformx64
25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Shell Remote Code Execution Vulnerability
VulnerabilityA remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 87.83% | 0.995 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.