CVE-2018-1038

HIGH EXPLOITED

Windows <7 SP1 & <Server 2008 R2 SP1 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2018-1038 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including XPN.

AI-analyzed exploit summary This exploit leverages the TotalMeltdown vulnerability (CVE-2018-1038) to achieve local privilege escalation by manipulating page tables to gain arbitrary physical memory access. It maps physical memory regions and hijacks PML4 entries to create malicious page table mappings.

Description

The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."

Exploits (1)

exploitdb WORKING POC

by XPN · clocalwindows

https://www.exploit-db.com/exploits/44581

View Code ZIP pw:eip

This exploit leverages the TotalMeltdown vulnerability (CVE-2018-1038) to achieve local privilege escalation by manipulating page tables to gain arbitrary physical memory access. It maps physical memory regions and hijacks PML4 entries to create malicious page table mappings.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Windows Kernel (affected versions)

No auth needed

Prerequisites: Local access to the vulnerable system · Unpatched Windows kernel

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103549

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44581/

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038

Exploit, Third Party Advisory x_refsource_misc

https://blog.xpnsec.com/total-meltdown-cve-2018-1038/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040632

Scores

CVSS v3 7.8

EPSS 0.6128

EPSS Percentile 98.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2018-06-01

Status published

Products (2)

microsoft/windows_7

microsoft/windows_server_2008 r2 sp1

Published Apr 02, 2018

Tracked Since Feb 18, 2026