CVE-2018-8411

HIGH

Windows NTFS - Elevation of Privilege via Improper Access Check

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8411. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit leverages the FSCTL_FIND_FILES_BY_SID control code in Windows to bypass directory listing permissions, allowing an attacker to disclose file names in directories where they lack FILE_LIST_DIRECTORY access. It requires quota tracking to be enabled on the target volume.

Description

An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/45624

View Code ZIP pw:eip

The exploit leverages the FSCTL_FIND_FILES_BY_SID control code in Windows to bypass directory listing permissions, allowing an attacker to disclose file names in directories where they lack FILE_LIST_DIRECTORY access. It requires quota tracking to be enabled on the target volume.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Windows 10 (1709, 1803)

Auth required

Prerequisites: Quota tracking enabled on the target volume · Access to a directory with restricted listing permissions

MITRE ATT&CK

T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8411

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45624/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041832

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105508

Scores

CVSS v3 7.8

EPSS 0.0307

EPSS Percentile 85.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (16)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_7

microsoft/windows_8.1 (2 CPE variants)

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

... and 6 more

Published Oct 10, 2018

Tracked Since Feb 18, 2026