CVE-2018-8414

CVE Database · CVE-2018-8414

CVE-2018-8414

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

73.97%

Published

Aug 15, 2018

Modified

Oct 28, 2025

CISA Known Exploited Vulnerability

Added: 2022-03-25 · Due: 2022-04-15

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoCwhereisr0da/CVE-2018-8414-POC★21

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (8)

microsoft · windows_10_1703vulnerable

microsoft · windows_10_1709vulnerable

microsoft · windows_10_1803vulnerable

microsoft · windows_server_1709vulnerable

microsoft · windows_server_1803vulnerable

References (7)

http://www.securityfocus.com/bid/105016

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041458

Broken LinkThird Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414

PatchVendor Advisory

http://www.securityfocus.com/bid/105016

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041458

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs