CVE-2018-8453

Опубликовано: 10 окт. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Высокий

Описание

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Ссылки

http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/105467
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041828
Broken Link
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453
Patch
Vendor Advisory
https://securelist.com/cve-2018-8453-used-in-targeted-attack
Exploit
Technical Description
Third Party Advisory
http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/105467
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041828
Broken Link
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453
Patch
Vendor Advisory
https://securelist.com/cve-2018-8453-used-in-targeted-attack
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.84215

Высокий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2018-8453

CVSS3: 7

msrc

больше 6 лет назад

Win32k Elevation of Privilege Vulnerability

GHSA-8587-44mr-xf6j

CVSS3: 7.8

github

около 3 лет назад

BDU:2018-01220