VDB

CVE-2018-8174

CVE-2018-8174 PUBLISHED KEV CVSS 7.5 HIGH

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

EPSS 94.28% · 99.9th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
94.28%
99.9th percentile

Affected Products

VendorProductVersions
microsoftwindows_8.10
microsoftwindows_server_2008r2, 0, r2
n/an/an/a
microsoftwindows_server_20120, r2
microsoftwindows_70
microsoftwindows_101709, 0, 1803
microsoftwindows_server_20161709, 1803, 0
microsoftwindows_rt_8.10

Exploit Intelligence

…and 165 more exploits

Timeline

  • May 8, 2018 PoC Published
  • May 9, 2018 CVE Published
  • May 24, 2018 PoC Published
  • Oct 25, 2018 PoC Published
  • Mar 11, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 15, 2022 CISA KEV Added
  • Feb 28, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›