Remote code execution in Windows Shell

1) Improper input validation

EUVDB-ID: #VU15254

Risk: High

CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2018-8495

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker can execute arbitrary code on the target system.

The weakness exists due to improper handling of URIs by Windows Shell. A remote attacker can trick the victim into opening a specially crafted file with Microsoft Edge and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 - 10 1809 10.0.17763.1

Windows Server: 2016 10.0.14393.10 - 2019 1803

CPE2.3

• cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.10:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1703:10.0.15063.138:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1709:10.0.16299.19:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1803:10.0.17134.48:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.1:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.10:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019_1709:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019_1803:*:*:*:*:*:*:*

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8495

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.