CVE-2018-0824

CVSS 7.5 HIGH · EPSS 73.5% · KEV · CWE-502
In short

Microsoft COM fails to safely handle serialized objects, allowing attackers to execute arbitrary code remotely on affected Windows systems. This is a critical flaw because it requires no user interaction beyond receiving malicious data.

Technical detail

A CWE-502 (unsafe deserialization) vulnerability in Microsoft COM allows remote code execution when specially crafted serialized objects are processed without proper validation. The attack vector is network-based with low complexity; no authentication or user interaction is required. Impact includes complete system compromise across multiple Windows versions.

Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a