CyberSec.Space Logo
Back to CVE Browser

CVE-2018-8414

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score86.8900%
EPSS Percentile95.50th
PublishedAug 15, 2018
Last ModifiedOct 28, 2025

Vulnerability Description

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 10 1703

All versions
πŸ’»
Microsoft

Windows 10 1703

All versions
πŸ’»
Microsoft

Windows 10 1709

All versions
πŸ’»
Microsoft

Windows 10 1709

All versions
πŸ’»
Microsoft

Windows 10 1803

All versions
πŸ’»
Microsoft

Windows 10 1803

All versions
πŸ’»
Microsoft

Windows Server 1709

All versions
πŸ’»
Microsoft

Windows Server 1803

All versions

References & Advisories

πŸ”— http://www.securityfocus.com/bid/105016
πŸ”— http://www.securitytracker.com/id/1041458
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414
πŸ”— http://www.securityfocus.com/bid/105016
πŸ”— http://www.securitytracker.com/id/1041458
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8414

Related Vulnerabilities

CVE-2017-85899.8

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 1...

CVE-2017-117719.8

The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server...

CVE-2017-85439.8

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R...

CVE-2017-118999.8

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security featu...