Windows Host Compute Service Shim remote code execution vulnerability
Tags
| attack-pattern: | Data Malicious Image - T1204.003 Trap - T1546.005 Trap - T1154 |
Common Information
| Type | Value |
|---|---|
| UUID | f1c5d323-4070-40ea-be62-f4aeadf6a8c8 |
| Fingerprint | c0628781c86d442 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 21, 2018, midnight |
| Added to db | Feb. 18, 2023, 1:06 a.m. |
| Last updated | Nov. 17, 2024, 6:31 p.m. |
| Headline | Windows Host Compute Service Shim remote code execution vulnerability |
| Title | Windows Host Compute Service Shim remote code execution vulnerability |
| Detected Hints/Tags/Attributes | 35/1/34 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://hansmi.ch/articles/2018-04-windows-hcsshim-security |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 4 | cve-2018-8115 |
|
| Details | Domain | 4 | modern.ie |
|
| Details | Domain | 41 | docker.io |
|
| Details | Domain | 1 | hansmi.ch |
|
| Details | Domain | 4 | tarfile.open |
|
| Details | Domain | 1 | script.name |
|
| Details | Domain | 1 | doc.name |
|
| Details | Domain | 1 | demo.name |
|
| Details | Domain | 1 | reparse.name |
|
| Details | Domain | 64 | go.microsoft.com |
|
| Details | File | 1 | layer.tar |
|
| Details | File | 1 | demo.tar |
|
| Details | File | 2 | evil.bat |
|
| Details | File | 3 | script.bat |
|
| Details | File | 22 | text.txt |
|
| Details | File | 1 | fromimage.txt |
|
| Details | File | 2 | tarfile.tar |
|
| Details | File | 1 | resume.txt |
|
| Details | File | 1 | evil.tar |
|
| Details | File | 153 | config.json |
|
| Details | File | 86 | manifest.json |
|
| Details | File | 2 | vnd.doc |
|
| Details | File | 1 | foreign.dif |
|
| Details | File | 2 | f.tar |
|
| Details | File | 2 | rootfs.dif |
|
| Details | File | 1 | c:\resume.txt |
|
| Details | sha256 | 1 | 8a62949f00589b4b9e99586bd40555ad36c1719a4d1c60d7094fbfb5997c4d12 |
|
| Details | sha256 | 1 | 6c357baed9f5177e8c8fd1fa35b39266f329535ec8801385134790eb08d8787d |
|
| Details | sha256 | 1 | 06def82ae218583423386cf68ab2dbb0715e69132d9b74e2fbdd9173142ef6f7 |
|
| Details | sha256 | 1 | bce2fbc256ea437a87dadac2f69aabd25bed4f56255549090056c1131fad0277 |
|
| Details | sha256 | 1 | cb1aafb7147372cc64faa070b94a893b8cd2e3de3a0e8001dc225c627d991c58 |
|
| Details | Url | 1 | https://hansmi.ch |
|
| Details | Url | 1 | https://go.microsoft.com/fwlink/?linkid=837858 |
|
| Details | Url | 1 | https://go.microsoft.com/fwlink/?linkid=867858 |