Security News > 2018 > October > PoC exploit for Windows Shell RCE released
2018-10-12 09:53
Here’s one more reason to hurry with the implementation of the latest Microsoft patches: a PoC exploit for a remote code execution vulnerability that can be exploited via Microsoft Edge has been published and can be easily adapted by attackers. About the vulnerability (CVE-2018-8495) CVE-2018-8495 exists because Windows Shell improperly handles special characters in URIs (it does not sanitize them). “There are multiple issues with the way the product handles URIs within certain schemes. The … More → The post PoC exploit for Windows Shell RCE released appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/CsUoJdvr92E/
Related news
- Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-10 | CVE-2018-8495 | Path Traversal vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 7.5 |