CVE-2018-0982

HIGH

Windows 10 and Windows Server 2016 - Elevation of Privilege via Kernel API Permission Enforcement

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-0982. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup details a security feature bypass in Windows 10 1709 where the child process restriction mitigation policy can be bypassed by impersonating the anonymous token. It includes a technical analysis of the vulnerability, the affected code path, and a step-by-step explanation of the exploit mechanism.

Description

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/44888

View Code ZIP pw:eip

The writeup details a security feature bypass in Windows 10 1709 where the child process restriction mitigation policy can be bypassed by impersonating the anonymous token. It includes a technical analysis of the vulnerability, the affected code path, and a step-by-step explanation of the exploit mechanism.

Classification

Writeup 95%

Attack Type

Other

Complexity

Complex

Reliability

Reliable

Target: Windows 10 1709

No auth needed

Prerequisites: Access to a Windows 10 1709 system · Ability to run arbitrary code in an AppContainer

MITRE ATT&CK

T1134 - Access Token Manipulation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104382

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44888/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041093

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0982

Scores

CVSS v3 7.0

EPSS 0.0257

EPSS Percentile 83.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (7)

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_server_2016

microsoft/windows_server_2016 1709

microsoft/windows_server_2016 1803

Published Jun 14, 2018

Tracked Since Feb 18, 2026