← back
CVE-2018-8414

CVE-2018-8414

CVSS 8.8 HIGHEPSS 74.0%● KEVCWE-20
In short

Windows Shell fails to properly validate file paths, allowing an attacker to execute arbitrary code remotely on affected Windows 10 systems. This is a critical flaw because it gives attackers direct control over the compromised computer.

Technical detail

The vulnerability stems from improper input validation (CWE-20) in Windows Shell's file path handling, enabling remote code execution. An attacker can craft malicious file paths that bypass validation checks, leading to arbitrary code execution with the privileges of the affected process. This requires user interaction or network exposure to trigger the flaw.

Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft · Windows 10Microsoft · Windows 10 Servers
public PoCs found1
githubgithub.com/whereisr0da/CVE-2018-8414-POC21
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8414http://www.securityfocus.com/bid/105016http://www.securitytracker.com/id/1041458