CVE-2018-8611

HIGH KEV

Windows Kernel - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2018-8611 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 24, 2022. EIP tracks 1 public exploit from researchers including lsw29475.

AI-analyzed exploit summary This is a working proof-of-concept exploit for CVE-2018-8611, a Windows kernel privilege escalation vulnerability. The exploit leverages pool feng shui and kernel object manipulation to achieve arbitrary code execution in kernel mode.

Description

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Exploits (1)

nomisec WORKING POC 11 stars

by lsw29475 · local

https://github.com/lsw29475/CVE-2018-8611

View Code ZIP pw:eip

This is a working proof-of-concept exploit for CVE-2018-8611, a Windows kernel privilege escalation vulnerability. The exploit leverages pool feng shui and kernel object manipulation to achieve arbitrary code execution in kernel mode.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Windows 10 (1803)

Auth required

Prerequisites: Local access to the target system · Administrative privileges to run the exploit

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8611

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106082

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611

Scores

CVSS v3 7.8

EPSS 0.0420

EPSS Percentile 89.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-05-24

VulnCheck KEV 2018-10-29

InTheWild.io 2018-10-29

ENISA EUVD EUVD-2018-20226

CWE

CWE-404

Status published

Products (14)

microsoft/windows_10_1607

microsoft/windows_10_1703

microsoft/windows_10_1709

microsoft/windows_10_1803

microsoft/windows_10_1809

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 (2 CPE variants)

... and 4 more

Published Dec 12, 2018

KEV Added May 24, 2022

Tracked Since Feb 18, 2026