CVE-2018-8611

HIGH KEV

Windows Kernel - Privilege Escalation

Title source: llm

Description

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Exploits (1)

nomisec WORKING POC 11 stars

by lsw29475 · local

https://github.com/lsw29475/CVE-2018-8611

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106082

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8611

Scores

CVSS v3 7.8

EPSS 0.1636

EPSS Percentile 94.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-24

VulnCheck KEV 2018-10-29

InTheWild.io 2018-10-29

ENISA EUVD EUVD-2018-20226

CWE

CWE-404

Status published

Products (14)

microsoft/windows_10_1607

microsoft/windows_10_1703

microsoft/windows_10_1709

microsoft/windows_10_1803

microsoft/windows_10_1809

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 (2 CPE variants)

... and 4 more

Published Dec 12, 2018

KEV Added May 24, 2022

Tracked Since Feb 18, 2026