Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2018-0883: Windows Shell Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft Windows: CVE-2018-0883: Windows Shell Remote Code Execution Vulnerability

Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
03/13/2018
Created
07/25/2018
Added
03/13/2018
Modified
09/11/2024

Description

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability".

Solution(s)

  • microsoft-windows-windows_10-1507-kb4088786
  • microsoft-windows-windows_10-1511-kb4088779
  • microsoft-windows-windows_10-1607-kb4088787
  • microsoft-windows-windows_10-1703-kb4088782
  • microsoft-windows-windows_10-1709-kb4088776
  • microsoft-windows-windows_server_2012-kb4088880
  • microsoft-windows-windows_server_2012_r2-kb4088879
  • microsoft-windows-windows_server_2016-1607-kb4088787
  • msft-kb4088878-3eccb222-8147-418c-b824-32e3963b52c1
  • msft-kb4088878-54e97a4a-39f4-4bb4-bec4-c20626c69b4f
  • msft-kb4088878-89e27e55-1e9f-401f-b425-a336c4de339b
  • msft-kb4088878-b6298521-2c71-4d80-a936-4488236eb2ab
  • msft-kb4088878-ce7acebc-806a-4eee-b8b5-49b0519d888a
  • msft-kb4088878-db255014-1ec8-426a-ab12-20e28bec0d24
  • msft-kb4088879-beb98ea4-03f7-4d8c-a14c-1283b674e7b5
  • msft-kb4088879-ebcd1310-7b09-4c4a-9782-1b7e7c242dfd
  • msft-kb4088880-4af681cd-8e85-46e0-810c-ef55910f3037
  • msft-kb4088880-885d494a-b0e4-442b-8540-30de0cf6feba
  • msft-kb4089175-09505465-88b2-4385-b74a-e906d63ed2aa
  • msft-kb4089175-1ba4e9d0-806b-4deb-b77a-43808a44f16c
  • msft-kb4089175-29e1c40e-9a8b-4c47-a98d-7dec9dd47af5
  • msft-kb4089175-cb55efd6-b27c-41d0-b6c4-60b8566d8047

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;