CVE-2018-8120
Microsoft Win32k Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
8Exploited in Wild
YesDecision
Descriptions
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
Existe una vulnerabilidad de elevaciĆ³n de privilegios en Windows cuando el componente Win32k no gestiona adecuadamente los objetos en la memoria. Esto tambiĆ©n se conoce como "Win32k Elevation of Privilege Vulnerability". Esto afecta a Windows Server 2008, Windows 7 y Windows Server 2008 R2. El ID de este CVE es diferente de CVE-2018-8124, CVE-2018-8164 y CVE-2018-8166.
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-03-14 CVE Reserved
- 2018-05-09 CVE Published
- 2018-05-09 First Exploit
- 2022-03-15 Exploited in Wild
- 2022-04-05 KEV Due Date
- 2024-08-05 CVE Updated
- 2024-08-12 EPSS Updated
CWE
- CWE-404: Improper Resource Shutdown or Release
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104034 | Third Party Advisory | |
http://www.securitytracker.com/id/1040849 | Third Party Advisory | |
https://github.com/unamer/CVE-2018-8120 | ||
https://github.com/bigric3/cve-2018-8120 | ||
http://bigric3.blogspot.com/2018/05/cve-2018-8120-analysis-and-exploit.html |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/45653 | 2024-08-05 | |
https://github.com/rip1s/CVE-2018-8120 | 2018-05-30 | |
https://github.com/alpha1ab/CVE-2018-8120 | 2018-08-08 | |
https://github.com/EVOL4/CVE-2018-8120 | 2018-08-10 | |
https://github.com/StartZYP/CVE-2018-8120 | 2020-08-28 | |
https://github.com/ozkanbilge/CVE-2018-8120 | 2018-08-16 | |
https://github.com/qiantu88/CVE-2018-8120 | 2018-08-08 | |
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/ms18_8120_win32k_privesc.rb | 2018-05-09 |
URL | Date | SRC |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120 | 2018-05-09 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1, itanium |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1, x64 |
Affected
|