Microsoft PowerShell
CVE-2018-8327 — PowerShell Editor Services Remote Code Execution Vulnerability
Critical
2018-07 archive
Executive Summary
A remote code execution vulnerability exists in PowerShell Editor Services. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system. In an attack scenario, an attacker could execute malicious code in a PowerShell Editor Services process. The update addresses the vulnerability by correcting how PowerShell Editor Services secures local connections.
Overview
Critical
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
2 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| PowerShell Editor Services | Release Notes (Security Update) |
Critical | Remote Code Execution | Maybe |
| PowerShell Extension for Visual Studio Code | Release Notes (Security Update) |
Critical | Remote Code Execution | Maybe |
Patches
1 patch
| Article | Type | Restart |
|---|---|---|
Release Notes |
Security Update | Maybe |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
Ryan Cumbee (Casaba Security, LLC) & Cory Carson (Casaba Security, LLC) under contract for Microsoft at the time.
References
On This Page