CVE-2018-8256 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2018-8256

Analyzed

More Info Official Page

Source-secure@microsoft.com

Published At-14 Nov, 2018 | 01:29

Updated At-30 Sep, 2021 | 16:07

A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.0

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 9.3

Base severity: HIGH

Vector:

AV:N/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

Microsoft Corporation

>>microsoft.powershell.archive>>1.2.2.0

cpe:2.3:a:microsoft:microsoft.powershell.archive:1.2.2.0:*:*:*:*:*:*:*

Microsoft Corporation

>>powershell_core>>6.0

cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*

Microsoft Corporation

>>powershell_core>>6.1

cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>-

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1607

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1703

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1709

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1803

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1809

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>-

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_rt_8.1>>-

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

Microsoft Corporation

>>windows_server_2012>>-

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>r2

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>-

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>1709

cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>1803

cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2019>>-

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/105781	secure@microsoft.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1042108	secure@microsoft.com	VDB Entry Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256	secure@microsoft.com	Patch Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/105781

Source: secure@microsoft.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.securitytracker.com/id/1042108

Source: secure@microsoft.com

Resource:

VDB Entry

Third Party Advisory

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8256

Source: secure@microsoft.com

Resource:

Patch

Vendor Advisory