Vulnerability in Microsoft Windows 10
CVE-2018-8450
A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Wind…
EPSS: 0.161 (96.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Windows 10 — versions 32-bit Systems, Version 1607 for 32-bit Systems, Version 1607 for x64-based Systems
- Microsoft Windows_10 — versions 1607, 1703, 1709
- Microsoft Windows 10 Servers — versions version 1709 (Server Core Installation), version 1803 (Server Core Installation)
- Microsoft Windows 7 — versions 32-bit Systems Service Pack 1, x64-based Systems Service Pack 1
- Microsoft Windows_7
- Microsoft Windows 8.1 — versions 32-bit systems, x64-based systems
- Microsoft Windows_8.1
- Microsoft Windows Rt 8.1 — versions Windows RT 8.1
- Microsoft Windows_rt_8.1
- Microsoft Windows Server 2008 — versions 32-bit Systems Service Pack 2, 32-bit Systems Service Pack 2 (Server Core installation), x64-based Systems Service Pack 2
Weakness classification (CWE)
References
- secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2018-8450?
- CVE-2018-8450 is a high-severity vulnerability in Microsoft Windows 10, classified under Improper Resource Shutdown or Release. CVSS score: 8.8/10. Published 2018-11-14.
- How severe is CVE-2018-8450?
- High severity. CVSS v3 base score is 8.8 out of 10.