CVE-2018-0952

HIGH

Microsoft Windows and Visual Studio <2016 - Elevation of Privilege

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-0952. PoCs published by Atredis Partners, atredispartners.

AI-analyzed exploit summary This is a detailed technical writeup explaining CVE-2018-0952, a privilege escalation vulnerability in the Windows Diagnostics Hub Standard Collector Service. It describes the root cause (lack of client impersonation during file operations), exploitation steps involving mount points and symlinks, and includes references to a PoC.

Description

An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Atredis Partners · textlocalwindows

https://www.exploit-db.com/exploits/45244

View Code ZIP pw:eip

This is a detailed technical writeup explaining CVE-2018-0952, a privilege escalation vulnerability in the Windows Diagnostics Hub Standard Collector Service. It describes the root cause (lack of client impersonation during file operations), exploitation steps involving mount points and symlinks, and includes references to a PoC.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Windows 10, Windows Server 2016, Visual Studio 2015/2017

Auth required

Prerequisites: Local user access · Ability to create mount points and symlinks · Write permissions in a scratch directory

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 111 stars

by atredispartners · poc

https://github.com/atredispartners/CVE-2018-0952-SystemCollector

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2018-0952, a privilege escalation vulnerability in the Windows Diagnostics Hub Standard Collector Service. The exploit leverages a TOCTOU race condition and DLL hijacking to execute arbitrary code with SYSTEM privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Windows 10, Windows Server 2016, Visual Studio 2015/2017

No auth needed

Prerequisites: User access to a Windows system with the vulnerable service running · Ability to write files to a user-writable directory

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105048

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45244/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041466

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952

Scores

CVSS v3 7.8

EPSS 0.0623

EPSS Percentile 92.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (11)

microsoft/visual_studio_2015

microsoft/visual_studio_2017

microsoft/visual_studio_2017 15.8

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_server_2016

microsoft/windows_server_2016 1709

... and 1 more

Published Aug 15, 2018

Tracked Since Feb 18, 2026