CVE-2018-8414

HIGHCISA KEV

8.8

Beschreibung

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

CVE Details

CVSS v3.1 Bewertung8.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht8/15/2018

Zuletzt geandert10/28/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerMicrosoft

ProduktWindows

SchwachstellennameMicrosoft Windows Shell Remote Code Execution Vulnerability

KEV Aufnahmedatum2022-03-25

Behebungsfrist2022-04-15

Ransomware-NutzungUnknown

Betroffene Produkte

microsoft:windows_10_1703microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_server_1709microsoft:windows_server_1803

Schwachen (CWE)

CWE-20CWE-20

Referenzen

http://www.securityfocus.com/bid/105016(secure@microsoft.com)

http://www.securitytracker.com/id/1041458(secure@microsoft.com)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414(secure@microsoft.com)

http://www.securityfocus.com/bid/105016(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1041458(af854a3a-2127-422b-91ae-364da2661108)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8414(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.