7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.93 High
EPSS
Percentile
98.8%
10 on 12 May, security researchers released a Windows Shell REC( CVE-2018-8495), the vulnerability proof of concept code, the affected software for Windows 10 built-in Microsoft Edge, the attacker can use the code through the Microsoft Edge browser on the remote computer to run malicious code.
It is understood that the vulnerability is due to the Windows Shell handles URI, unfiltered special URI, such as pulling up the script for the Windows Script Host URI for wshfile, the cause of the RCE.
! [](/Article/UploadPic/2018-10/20181013192510850. jpg? www. myhack58. com)
! [](/Article/UploadPic/2018-10/20181013192510663. jpg? www. myhack58. com)
When the structure contains a special URI of the page, to induce the user to open the tap, it will pop up the following window, this time the default focus is ok button, only the user press again the enter key, it will pull up the script to execute arbitrary commands.
The vulnerability is in the 10 month 9 day exposure, the levels belonging to the“high-risk”is. Currently, Microsoft has released a repair patch. The user can click onhereas soon as possible repair.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.93 High
EPSS
Percentile
98.8%