Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2018-8115

Published: 02/05/2018 Updated: 13/06/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.6 | Impact Score: 6 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows host compute service shim

Github Repositories

https://github.com/aquasecurity/scan-cve-2018-8115

_____ _ _ /\ / ____| (_) | / \ __ _ _ _ __ _ | (___ ___ ___ _ _ _ __ _| |_ _ _ / /\ \ / _` | | | |/ _` | \___ \ / _ \/ __| | | | '__| | __| | | | / ____ \ (_| | |_| | (_| | ____) | __/ (__| |_| | | | | |_| |_| | /_/ \_\__, |\__,_|\__,_| |_____/ \___|\___|\__,

https://github.com/iridium-soda/image_repacker

A tool to repack modified image files automatically.

image_repacker A tool to repack modified image files automatically This repo fix the modified image's digest automatically and tar it A simple script to help me push broken images to Dockerhub How docker image organized After exporting an image by docker save and tar -xvf, the dir shows the following structure: ├── 81f3f27e365c8ae00dc6534173bd5cea0fde798b8278520

Recent Articles

It's 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V
The Register • Chris Williams, Editor in Chief • 09 May 2018

Scores of bugs, from Edge and Office to kernel code to Adobe Flash, need fixing ASAP

Patch Tuesday Microsoft and Adobe have patched a bunch of security bugs in their products that can be exploited by hackers to commandeer vulnerable computers, siphon people's personal information, and so on. Redmond emitted 68 patches alone, 21 rated critical and at least two being actively exploited in the wild. There are browser and kernel patches you should look into first, check out an Office 365 email filter bypass that isn't addressed, then Hyper-V if you're using that, and then the rest. ...

Read more...
Using Docker and Windows Server Containers? There's a patch for that
The Register • Richard Speed • 03 May 2018

Remote code execution vuln found lurking in Microsoft's open-sourced shim

Microsoft has emitted a patch to fix a critical vulnerability in a wrapper used to launch Windows Server Containers from Go. The issue (CVE-2018-8115) is a nasty one, allowing remote code execution when importing a container image due to a failure of the library to validate what was on the way in. Exploiting the issue could be a challenge, as Microsoft stated: "An attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled)...

Read more...

References

CWE-20https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8115http://www.securityfocus.com/bid/104061http://www.securitytracker.com/id/1040842https://nvd.nist.govhttps://github.com/aquasecurity/scan-cve-2018-8115https://github.com/iridium-soda/image_repackerhttps://www.theregister.co.uk/2018/05/03/docker_for_windows_vuln/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310CVE-2024-21683CVE-2024-22187chromedeserializationXPath injectionCVE-2024-27842denial of serviceCVE-2024-24851googleCVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook