← back
CVE-2018-1000006

CVE-2018-1000006

EPSS 84.4%
Vexday Risk Score
62High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (39 stars) — exploitation code widely available.
CVSS EPSS 84.4%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
24 Jan 2018Published on NVD
25 Jan 2018Metasploit module available
25 Jan 2018Public PoC
Weaponization speed
same dayto first PoC
same dayto Metasploit module
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.