Microsoft Devices
CVE-2018-8306 — Microsoft Wireless Display Adapter Command Injection Vulnerability
Executive Summary
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input. For this vulnerability to be exploited, the attacker must be authenticated (logged on) to the target display. To exploit the vulnerability, an attacker who is connected to the MWDA could send administrative commands to the MWDA, including commands with illegal characters which could cause the MWDA to stop functioning correctly. The update addresses the vulnerability by modifying how the Microsoft Wireless Display Adapter manages administrative input.
Overview
5.5
CVSS MEDIUM
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
CVSS Vector
ATTACK VECTOR
Adjacent
ATTACK COMPLEXITY
Low
PRIVILEGES REQUIRED
Low
USER INTERACTION
None
SCOPE
Unchanged
CONFIDENTIALITY
Low
INTEGRITY
Low
AVAILABILITY
Low
EXPLOIT CODE MATURITY
Proof-of-Concept
REMEDIATION LEVEL
Official Fix
REPORT CONFIDENCE
Confirmed
Temporal Score: 5.0
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
3 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Microsoft Wireless Display Adapter V2 Software Version 2.0.8350 | Firmware (Security Update) |
Important | Remote Code Execution | Yes |
| Microsoft Wireless Display Adapter V2 Software Version 2.0.8365 | Firmware (Security Update) |
Important | Remote Code Execution | Yes |
| Microsoft Wireless Display Adapter V2 Software Version 2.0.8372 | Firmware (Security Update) |
Important | Remote Code Execution | Yes |
Patches
1 patch
| Article | Type | Restart |
|---|---|---|
Firmware |
Security Update | Yes |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
Tobias Glemser of secuvera GmbH
Simon Winter
References
On This Page