7.8

CVE-2018-0748

Exploit
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 Version-
MicrosoftWindows 10 Version1511
MicrosoftWindows 10 Version1607
MicrosoftWindows 10 Version1703
MicrosoftWindows 10 Version1709
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Server 2016 Version1709
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.78% 0.845
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.securityfocus.com/bid/102354
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040095
Third Party Advisory
VDB Entry
https://95cnsec.com/windows-kernel-cve-2018-0748-exploit.html
Broken Link
URL Repurposed
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0748
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/43514/
Third Party Advisory
Exploit
VDB Entry