CVE-2018-0952

HIGH

Microsoft Windows and Visual Studio <2016 - Elevation of Privilege

Title source: llm

Description

An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Atredis Partners · textlocalwindows

https://www.exploit-db.com/exploits/45244

View Code ZIP pw:eip

nomisec WORKING POC 111 stars

by atredispartners · poc

https://github.com/atredispartners/CVE-2018-0952-SystemCollector

View Code ZIP pw:eip

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105048

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45244/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041466

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952

Scores

CVSS v3 7.8

EPSS 0.3918

EPSS Percentile 97.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (11)

microsoft/visual_studio_2015

microsoft/visual_studio_2017

microsoft/visual_studio_2017 15.8

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_server_2016

microsoft/windows_server_2016 1709

... and 1 more

Published Aug 15, 2018

Tracked Since Feb 18, 2026