CVE-2018-0821

HIGH

Windows 10 and Windows Server 2016 - Elevation of Privilege via AppContainer Impersonation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-0821. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages the Constrained Impersonation capability in Windows 10 to impersonate a SYSTEM token from a low-privilege user context, leading to local privilege escalation. It uses a WebDAV server to capture a SYSTEM token during a UAC prompt and then impersonates it within an AppContainer process.

Description

AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/44149

View Code ZIP pw:eip

This exploit leverages the Constrained Impersonation capability in Windows 10 to impersonate a SYSTEM token from a low-privilege user context, leading to local privilege escalation. It uses a WebDAV server to capture a SYSTEM token during a UAC prompt and then impersonates it within an AppContainer process.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows 10 1703/1709

Auth required

Prerequisites: Admin command prompt to set up HTTP ACL · UAC prompt interaction · WebDAV server setup

MITRE ATT&CK

T1134 - Access Token Manipulation T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040379

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44149/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102939

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0821

Scores

CVSS v3 7.0

EPSS 0.0239

EPSS Percentile 81.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (7)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_server_2016

microsoft/windows_server_2016 1709

Published Feb 15, 2018

Tracked Since Feb 18, 2026