CVE-2018-8414

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
microsoftwindows_10_1703
-
microsoftwindows_10_1703
-
microsoftwindows_10_1709
-
microsoftwindows_10_1709
-
microsoftwindows_10_1803
-
microsoftwindows_10_1803
-
microsoftwindows_server_1709
-
microsoftwindows_server_1803
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105016
http://www.securitytracker.com/id/1041458
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414
http://www.securityfocus.com/bid/105016
http://www.securitytracker.com/id/1041458
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414