CVE-2018-8346

Опубликовано: 15 авг. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Средний

Описание

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345.

Ссылки

http://www.securityfocus.com/bid/105028
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041473
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105028
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041473
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19784

Средний

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2018-8346

CVSS3: 7.5

msrc

почти 7 лет назад

LNK Remote Code Execution Vulnerability

GHSA-28mr-3phc-39gr