What is CVE-2018-8495?

CVE-2018-8495 is a vulnerability in Microsoft Windows 10. Published 2018-10-10.

Is CVE-2018-8495 known to be exploited?

14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Windows 10

CVE-2018-8495

A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

EPSS: 0.636 (98.4th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows 10 — versions Version 1607 for 32-bit Systems, Version 1607 for x64-based Systems, Version 1703 for 32-bit Systems
Microsoft Windows 10 Servers — versions version 1709 (Server Core Installation), version 1803 (Server Core Installation)
Microsoft Windows Server 2016 — versions (Server Core installation)

Public proof-of-concept exploits

References

leucosite.com/Microsoft-Edge-RCE/ (x_refsource_MISC)
105461 (vdb-entry, x_refsource_BID)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8495 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-8495?: CVE-2018-8495 is a vulnerability in Microsoft Windows 10. Published 2018-10-10.
Is CVE-2018-8495 known to be exploited?: 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.