Windows Shell
by Microsoft
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8414 | Hig | 0.75 | 8.8 | 0.74 | KEV | Aug 15, 2018 | A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10. | |
| CVE-2010-2568 | Hig | 0.73 | 7.8 | 0.91 | KEV | Jul 22, 2010 | Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon… | |
| CVE-2020-1286 | Hig | 0.58 | 8.8 | 0.12 | Jun 9, 2020 | A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution… | ||
| CVE-2022-30222 | Hig | 0.55 | 8.4 | 0.01 | Jul 12, 2022 | Windows Shell Remote Code Execution Vulnerability | ||
| CVE-2018-8495 | Hig | 0.53 | 7.5 | 0.56 | Oct 10, 2018 | A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2016-0179 | Hig | 0.53 | 7.8 | 0.24 | May 11, 2016 | Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability." | ||
| CVE-2025-49679 | Hig | 0.51 | 7.8 | 0.00 | Jul 8, 2025 | Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-27729 | Hig | 0.51 | 7.8 | 0.01 | Apr 8, 2025 | Use after free in Windows Shell allows an unauthorized attacker to execute code locally. | ||
| CVE-2018-0883 | Hig | 0.50 | 7.5 | 0.15 | Mar 14, 2018 | Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file… | ||
| CVE-2024-43552 | Hig | 0.48 | 7.3 | 0.01 | Oct 8, 2024 | Windows Shell Remote Code Execution Vulnerability | ||
| CVE-2026-42907 | Med | 0.42 | 6.5 | 0.01 | Jun 9, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. | ||
| CVE-2019-1053 | Med | 0.41 | 6.3 | 0.01 | Jun 12, 2019 | An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require… | ||
| CVE-2026-42906 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2026 | Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. | ||
| CVE-2025-47160 | Med | 0.35 | 5.4 | 0.01 | Jun 10, 2025 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||
| CVE-2010-3970 | 0.08 | — | 0.68 | Dec 22, 2010 | Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers… | |||
| CVE-2005-0063 | 0.07 | — | 0.52 | May 2, 2005 | The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as… | |||
| CVE-2005-2118 | 0.04 | — | 0.46 | Oct 21, 2005 | Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties… | |||
| CVE-2004-0420 | 0.04 | — | 0.46 | Jul 7, 2004 | The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet… | |||
| CVE-2005-2122 | 0.03 | — | 0.43 | Oct 21, 2005 | Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a… | |||
| CVE-2015-2548 | 0.02 | — | 0.25 | Oct 14, 2015 | Use-after-free vulnerability in the Tablet Input Band in Windows Shell in Microsoft Windows Vista SP2 and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Tablet Input Band Use After Free Vulnerability." |
- risk 0.75cvss 8.8epss 0.74
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
- risk 0.73cvss 7.8epss 0.91
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon…
- risk 0.58cvss 8.8epss 0.12
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution…
- risk 0.55cvss 8.4epss 0.01
Windows Shell Remote Code Execution Vulnerability
- risk 0.53cvss 7.5epss 0.56
A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.53cvss 7.8epss 0.24
Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability."
- risk 0.51cvss 7.8epss 0.00
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
Use after free in Windows Shell allows an unauthorized attacker to execute code locally.
- risk 0.50cvss 7.5epss 0.15
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file…
- risk 0.48cvss 7.3epss 0.01
Windows Shell Remote Code Execution Vulnerability
- risk 0.42cvss 6.5epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
- risk 0.41cvss 6.3epss 0.01
An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require…
- risk 0.36cvss 5.5epss 0.00
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
- risk 0.35cvss 5.4epss 0.01
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2010-3970Dec 22, 2010risk 0.08cvss —epss 0.68
Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers…
- CVE-2005-0063May 2, 2005risk 0.07cvss —epss 0.52
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as…
- CVE-2005-2118Oct 21, 2005risk 0.04cvss —epss 0.46
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties…
- CVE-2004-0420Jul 7, 2004risk 0.04cvss —epss 0.46
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet…
- CVE-2005-2122Oct 21, 2005risk 0.03cvss —epss 0.43
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a…
- CVE-2015-2548Oct 14, 2015risk 0.02cvss —epss 0.25
Use-after-free vulnerability in the Tablet Input Band in Windows Shell in Microsoft Windows Vista SP2 and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Tablet Input Band Use After Free Vulnerability."
Page 1 of 2