Security News > 2018 > October > PoC exploit for Windows Shell RCE released
2018-10-12 09:53
Here’s one more reason to hurry with the implementation of the latest Microsoft patches: a PoC exploit for a remote code execution vulnerability that can be exploited via Microsoft Edge has been published and can be easily adapted by attackers. About the vulnerability (CVE-2018-8495) CVE-2018-8495 exists because Windows Shell improperly handles special characters in URIs (it does not sanitize them). “There are multiple issues with the way the product handles URIs within certain schemes. The … More → The post PoC exploit for Windows Shell RCE released appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/CsUoJdvr92E/
Related news
- LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers (source)
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)
- Security pros baited with fake Windows LDAP exploit traps (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Cisco warns of denial of service flaw with PoC exploit code (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-10 | CVE-2018-8495 | Path Traversal vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.5 |