CVE-2018-8120
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Windows Server 2008 | 32-bit Systems Service Pack 2 | affected |
| Microsoft | Windows Server 2008 | 32-bit Systems Service Pack 2 (Server Core installation) | affected |
| Microsoft | Windows Server 2008 | Itanium-Based Systems Service Pack 2 | affected |
| Microsoft | Windows Server 2008 | x64-based Systems Service Pack 2 | affected |
| Microsoft | Windows Server 2008 | x64-based Systems Service Pack 2 (Server Core installation) | affected |
| Microsoft | Windows 7 | 32-bit Systems Service Pack 1 | affected |
| Microsoft | Windows 7 | x64-based Systems Service Pack 1 | affected |
| Microsoft | Windows Server 2008 R2 | Itanium-Based Systems Service Pack 1 | affected |
| Microsoft | Windows Server 2008 R2 | x64-based Systems Service Pack 1 | affected |
| Microsoft | Windows Server 2008 R2 | x64-based Systems Service Pack 1 (Server Core installation) | affected |
Weaknesses
- Elevation of Privilege
ADP Enrichment
CVE Program Container
Additional References
- https://www.exploit-db.com/exploits/45653/
- http://www.securitytracker.com/id/1040849
- http://www.securityfocus.com/bid/104034
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- https://www.exploit-db.com/exploits/45653/
- http://www.securitytracker.com/id/1040849
- http://www.securityfocus.com/bid/104034
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.