CVE-2018-8120
HIGH
7,0
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
7,2
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability.' This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9415
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
404
Improper Resource Shutdown or Release
DraftCommon Consequences
Security Scopes Affected:
Availability
Other
Confidentiality
Potential Impacts:
Dos: Resource Consumption (Other)
Varies By Context
Read Application Data
Applicable Platforms
All platforms may be affected
Exploit
Microsoft Windows - SetImeInfoEx Win32k NULL Pointer Dereference …
Verified LocalMicrosoft Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
View Exploit Code →
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 7 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018…
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120
https://www.exploit-db.com/exploits/45653/
http://www.securityfocus.com/bid/104034
http://www.securitytracker.com/id/1040849
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120
https://www.exploit-db.com/exploits/45653/
http://www.securityfocus.com/bid/104034
http://www.securitytracker.com/id/1040849