VYPR

Windows Shell

by Microsoft

CVEs (19)

  • CVE-2018-8414HigKEVAug 15, 2018
    risk 0.75cvss 8.8epss 0.74

    A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

  • CVE-2010-2568HigKEVJul 22, 2010
    risk 0.73cvss 7.8epss 0.91

    Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon…

  • CVE-2018-8495HigOct 10, 2018
    risk 0.53cvss 7.5epss 0.56

    A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

  • CVE-2016-0179HigMay 11, 2016
    risk 0.53cvss 7.8epss 0.24

    Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability."

  • CVE-2018-0883HigMar 14, 2018
    risk 0.50cvss 7.5epss 0.15

    Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file…

  • CVE-2026-42907MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.01

    Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

  • CVE-2026-42906MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.

  • CVE-2010-3970Dec 22, 2010
    risk 0.08cvss epss 0.68

    Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers…

  • CVE-2005-0063May 2, 2005
    risk 0.07cvss epss 0.52

    The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as…

  • CVE-2005-2118Oct 21, 2005
    risk 0.04cvss epss 0.46

    Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties…

  • CVE-2005-2122Oct 21, 2005
    risk 0.04cvss epss 0.43

    Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a…

  • CVE-2004-0420Jul 7, 2004
    risk 0.04cvss epss 0.46

    The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet…

  • CVE-2020-1286Jun 9, 2020
    risk 0.03cvss epss 0.12

    A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution…

  • CVE-2015-2548Oct 14, 2015
    risk 0.02cvss epss 0.25

    Use-after-free vulnerability in the Tablet Input Band in Windows Shell in Microsoft Windows Vista SP2 and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Tablet Input Band Use After Free Vulnerability."

  • CVE-2015-2515Oct 14, 2015
    risk 0.02cvss epss 0.29

    Use-after-free vulnerability in Windows Shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via…

  • CVE-2002-0070Mar 15, 2002
    risk 0.01cvss epss 0.20

    Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.

  • CVE-2022-30222Jul 12, 2022
    risk 0.00cvss epss 0.01

    Windows Shell Remote Code Execution Vulnerability

  • CVE-2019-1053Jun 12, 2019
    risk 0.00cvss epss 0.01

    An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require…

  • CVE-2014-1807May 14, 2014
    risk 0.00cvss epss 0.02

    The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations,…