BID:104621

Microsoft Wireless Display Adapter CVE-2018-8306 Command Injection Vulnerability

CVE-2018-8306 |

Info

Microsoft Wireless Display Adapter CVE-2018-8306 Command Injection Vulnerability

Bugtraq ID:	104621
Class:	Input Validation Error
CVE:	CVE-2018-8306
Remote:	Yes
Local:	No
Published:	Jul 10 2018 12:00AM
Updated:	Jul 10 2018 12:00AM
Credit:	Tobias Glemser of secuvera GmbH, Simon Winter of Aalen University.
Vulnerable:	Microsoft Wireless Display Adapter 2.0.8372 Microsoft Wireless Display Adapter 2.0.8365 Microsoft Wireless Display Adapter 2.0.8350

Not Vulnerable:

Discussion

Microsoft Wireless Display Adapter CVE-2018-8306 Command Injection Vulnerability

Microsoft Wireless Display Adapter is prone to a command-injection vulnerability.

An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.

Exploit / POC

Microsoft Wireless Display Adapter CVE-2018-8306 Command Injection Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Microsoft Wireless Display Adapter CVE-2018-8306 Command Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Microsoft Wireless Display Adapter CVE-2018-8306 Command Injection Vulnerability

References:

Microsoft Homepage (Microsoft)
CVE-2018-8306 | Microsoft Wireless Display Adapter Command Injection Vulnerabili (Microsoft)