Cyber Resilience

CVE-2018-0824

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · RCE

Published: 09 May 2018
Modified: 28 October 2025
KEV Added: 05 August 2024
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.9151 (99.7th percentile)
Risk Priority: 93 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2018-0824 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A remote code execution vulnerability tracked as CVE-2018-0824 exists in Microsoft COM for Windows due to improper handling of serialized objects. The flaw is associated with CWE-502 and affects multiple Windows releases, specifically Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.

An unauthenticated remote attacker can trigger the issue over a network connection. The attack requires user interaction and can result in arbitrary code execution with high impact on confidentiality, integrity, and availability, consistent with the CVSS 3.1 base score of 8.8.

Microsoft's security advisory supplies patch information and mitigation guidance for supported versions of the affected operating systems. Public exploit code for the vulnerability has been published.

Vulnerability details

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Microsoft Windows 10 1507 (all versions)
Microsoft Windows 10 1607 (all versions)
Microsoft Windows 10 1703 (all versions)
Microsoft Windows 10 1709 (all versions)
Microsoft Windows 10 1803 (all versions)
Microsoft Windows 7 (all versions)
Microsoft Windows 8.1 (all versions)
Microsoft Windows RT 8.1 (all versions)
Microsoft Windows Server 1709 (all versions)
Microsoft Windows Server 1803 (all versions)
+3 more product configuration(s); see NVD for the full list.

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2, Flaw Remediation): Directly requires applying the vendor patches Microsoft released for CVE-2018-0824 to eliminate the deserialization flaw in COM.

prevent (SI-10, Information Input Validation): Enforces validation and sanitization of untrusted serialized objects before COM deserializes them, directly blocking the CWE-502 vector.

prevent, detect: Deploys malicious-code detection mechanisms that can recognize and block the arbitrary code payloads delivered via the COM RCE exploit.