Security News > 2018 > October > PoC exploit for Windows Shell RCE released
Here’s one more reason to hurry with the implementation of the latest Microsoft patches: a PoC exploit for a remote code execution vulnerability that can be exploited via Microsoft Edge has been published and can be easily adapted by attackers. About the vulnerability (CVE-2018-8495) CVE-2018-8495 exists because Windows Shell improperly handles special characters in URIs (it does not sanitize them). “There are multiple issues with the way the product handles URIs within certain schemes. The … More → The post PoC exploit for Windows Shell RCE released appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/CsUoJdvr92E/
Related news
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Mitel MiCollab zero-day and PoC exploit unveiled (source)
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-10 | CVE-2018-8495 | Path Traversal vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.5 |