Windows Shell RCE PoC exploit for Microsoft Edge

Shell RCE: Ακολουθεί ένας ακόμη πολύ καλός λόγος για να βιαστείς να ενημερώσεις το σύστημά σου. Μόλις κυκλοφόρησε ένα exploit PoC για μια που επιτρέπει απομακρυσμένη εκτέλεση κώδικα,

The security flaw exists in Microsoft Edge and as you know, after its public release it will start to be used by all aspiring hackers. Vulnerability with ID CVE-2018-8495 there is because Windows Shell does not handle appropriate special characters that can be added to a URI.Windows Shell

“There are many problems with the way the χειρίζεται τα URIs σε ορισμένα σχήματα. Το προϊόν δεν προειδοποιεί το χρήστη ότι πρόκειται να πραγματοποιηθεί κάποια επικίνδυνη πλοήγηση,” εξηγεί η Zero Day Initiative της (ZDI).

The fact that the exploit can not be performed without the user performing a specific action mitigates the severity of the vulnerability.

But with the right approach, tricking users into visiting a malicious one can be done , From there things are very simple.


Abdulrahman Al-Qabandi, who discovered it , published a PoC showing how he was able to exploit the security hole. He also published the exploit code who wrote about the PoC.

Al-Qabandi reported vulnerability to Microsoft through ZDI in July, and Microsoft reportedly released security updates that will fix it on Tuesday.

The security gap affects the operating systems: Windows 10, 2016 and Windows Server in builds 1709 and 1803.

_________________________ The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).