Windows Shell RCE PoC exploit for Microsoft Edge

Windows Shell RCE: Here's another very good reason to rush to update your system. A PoC exploit has just been released for a vulnerability that allows remote code,

The security gap exists in the Edge and as you understand, after its public release it will start to be used by all would-be hackers. The vulnerability with identifier the CVE-2018-8495 there is because Windows Shell does not handle appropriate special characters that can be added to a URI.Windows Shell

“There are many problems with the way the handles URIs in certain schemas. The product does not warn the user that some dangerous browsing is about to take place,” explains Trend Micro's Zero Day Initiative (ZDI).

The fact that the exploit cannot be performed without the user performing a specific somewhat mitigates the severity of the vulnerability.

But with the right approach, it can be deceived by users to visit a malicious page, Beyond that, things are very simple.

PoC

Abdulrahman Al-Qabandi, who discovered the error, published a PoC showing that he was able to take advantage of the security gap. He also published the exploit code who wrote about the PoC.

Al-Qabandi reported vulnerability to Microsoft through ZDI in July, and Microsoft reportedly released security updates that will fix it on Tuesday.

The security gap affects the functional: , Windows Server 2016, and Windows Server builds 1709 and 1803.

_________________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).