[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Windows Shell Remote Code Execution Vulnerability - CVE-2018-8495

ID: oval:org.secpod.oval:def:47915Date: (C)2018-10-10   (M)2024-03-06
Class: VULNERABILITYFamily: windows




A remote code execution vulnerability exists when Windows Shell improperly handles URIs. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attack requires specific user interaction which an attacker would need to trick the user into performing. There is no way an attacker could exploit the vulnerability without the user performing the specific action. The security update addresses the vulnerability by modifying how Windows Shell handles URIs.

Platform:
Microsoft Windows Server
Microsoft Windows Server 2016
Microsoft Windows 10
Reference:
CVE-2018-8495
CVE    1
CVE-2018-8495
CPE    10
cpe:/o:microsoft:windows_server_2016:::x64
cpe:/o:microsoft:windows_10:1607:::x64
cpe:/o:microsoft:windows_10:1607:::x86
cpe:/o:microsoft:windows_10:1703:::x64
...

© SecPod Technologies