cbcvebase.
CVE-2018-8327
published 2018-07-11

CVE-2018-8327: A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects…

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
21.17%
97.3th percentile
A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.

Affected

6 ranges
VendorProductVersion rangeFixed in
microsoftpowershell< 1.7.01.7.0
microsoftpowershell_editor
microsoftpowershell_editor_services< 1.7.01.7.0
microsoftpowershell_extension
msrcpowershell_editor_services
msrcpowershell_extension_for_visual_studio_code

Detection & IOCsextracted from sources · hover to see the quote

  • The vulnerability exists in PowerShell Editor Services and is exploited by attacking local connections to the PowerShell Editor Services process. Monitor for unexpected or unauthorized connections to the PowerShell Editor Services process.
  • The root cause is insecure local connection handling in PowerShell Editor Services. Detection should focus on anomalous process activity or unexpected code execution originating from a PowerShell Editor Services process.
  • ·Affected versions are those prior to v1.8.0 of PowerShell Editor Services. The fix is documented in the v1.8.0 release notes. Verify installed version to determine exposure.
  • ·As of the advisory, this vulnerability had not been publicly exploited (Exploited: No, Publicly Disclosed: No), reducing immediate urgency but patching is still recommended.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.