PT-2018-1508 · Microsoft · Windows 7+3

Lucas Leong

Published

2018-08-14

Updated

2018-10-18

CVE-2018-8346

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Windows Server 2008 Windows 7 Windows Server 2008 R2

Description A remote code execution issue exists in Microsoft Windows, related to the processing of .LNK files. This could allow remote code execution if a specially crafted .LNK file is processed. The vulnerability may be exploited by remote attackers to execute arbitrary code and affect the system.

Recommendations For Windows Server 2008, update to a version that includes the fix for this issue. For Windows 7, update to a version that includes the fix for this issue. For Windows Server 2008 R2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of .LNK files until a patch is available.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-64CWE-94

Related Identifiers

BDU:2018-01059

CVE-2018-8346

ZDI-18-940

Affected Products

Windows

Windows 7

Windows Server 2008

Windows Server 2008 R2

PT-2018-1508 · Microsoft · Windows 7+3

CVE-2018-8346

Weakness Enumeration

Related Identifiers

Affected Products

References · 10