Lucene search

[email protected]CVE-2018-8413

HistoryOct 10, 2018 - 1:29 p.m.

CVE-2018-8413

2018-10-1013:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

141

windows theme api

remote code execution

vulnerability

windows 10

windows 7

windows server 2016

nvd

cve-2018-8413

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.308 Low

EPSS

Percentile

96.9%

JSON

A remote code execution vulnerability exists when “Windows Theme API” does not properly decompress files, aka “Windows Theme API Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

VendorProductVersionCPE
microsoftwindows_732-bit Systems Service Pack 1cpe:2.3:o:microsoft:windows_7:32-bit Systems Service Pack 1:*:*:*:*:*:*:*
microsoftwindows_7x64-based Systems Service Pack 1cpe:2.3:o:microsoft:windows_7:x64-based Systems Service Pack 1:*:*:*:*:*:*:*
microsoftwindows_server_2012_r2(Server Core installation)cpe:2.3:o:microsoft:windows_server_2012_r2:(Server Core installation):*:*:*:*:*:*:*
microsoftwindows_rt_8.1Windows RT 8.1cpe:2.3:o:microsoft:windows_rt_8.1:Windows RT 8.1:*:*:*:*:*:*:*
microsoftwindows_server_2019(Server Core installation)cpe:2.3:o:microsoft:windows_server_2019:(Server Core installation):*:*:*:*:*:*:*
microsoftwindows_server_2012(Server Core installation)cpe:2.3:o:microsoft:windows_server_2012:(Server Core installation):*:*:*:*:*:*:*
microsoftwindows_8.132-bit systemscpe:2.3:o:microsoft:windows_8.1:32-bit systems:*:*:*:*:*:*:*
microsoftwindows_8.1x64-based systemscpe:2.3:o:microsoft:windows_8.1:x64-based systems:*:*:*:*:*:*:*
microsoftwindows_server_2016(Server Core installation)cpe:2.3:o:microsoft:windows_server_2016:(Server Core installation):*:*:*:*:*:*:*
microsoftwindows_server_2008_r2Itanium-Based Systems Service Pack 1cpe:2.3:o:microsoft:windows_server_2008_r2:Itanium-Based Systems Service Pack 1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_7	32-bit Systems Service Pack 1	cpe:2.3:o:microsoft:windows_7:32-bit Systems Service Pack 1:::::::*
microsoft	windows_7	x64-based Systems Service Pack 1	cpe:2.3:o:microsoft:windows_7:x64-based Systems Service Pack 1:::::::*
microsoft	windows_server_2012_r2	(Server Core installation)	cpe:2.3:o:microsoft:windows_server_2012_r2:(Server Core installation):::::::*
microsoft	windows_rt_8.1	Windows RT 8.1	cpe:2.3:o:microsoft:windows_rt_8.1:Windows RT 8.1:::::::*
microsoft	windows_server_2019	(Server Core installation)	cpe:2.3:o:microsoft:windows_server_2019:(Server Core installation):::::::*
microsoft	windows_server_2012	(Server Core installation)	cpe:2.3:o:microsoft:windows_server_2012:(Server Core installation):::::::*
microsoft	windows_8.1	32-bit systems	cpe:2.3:o:microsoft:windows_8.1:32-bit systems:::::::*
microsoft	windows_8.1	x64-based systems	cpe:2.3:o:microsoft:windows_8.1:x64-based systems:::::::*
microsoft	windows_server_2016	(Server Core installation)	cpe:2.3:o:microsoft:windows_server_2016:(Server Core installation):::::::*
microsoft	windows_server_2008_r2	Itanium-Based Systems Service Pack 1	cpe:2.3:o:microsoft:windows_server_2008_r2:Itanium-Based Systems Service Pack 1:::::::*