Security News > 2018 > October > PoC exploit for Windows Shell RCE released

PoC exploit for Windows Shell RCE released
2018-10-12 09:53

Here’s one more reason to hurry with the implementation of the latest Microsoft patches: a PoC exploit for a remote code execution vulnerability that can be exploited via Microsoft Edge has been published and can be easily adapted by attackers. About the vulnerability (CVE-2018-8495) CVE-2018-8495 exists because Windows Shell improperly handles special characters in URIs (it does not sanitize them). “There are multiple issues with the way the product handles URIs within certain schemes. The … More → The post PoC exploit for Windows Shell RCE released appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/CsUoJdvr92E/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-10-10 CVE-2018-8495 Path Traversal vulnerability in Microsoft Windows 10 and Windows Server 2016
A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
network
high complexity
microsoft CWE-22
7.5
7.5