Vulnerability Details : CVE-2018-0750
The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".
Vulnerability category: Gain privilegeInformation leak
Products affected by CVE-2018-0750
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0750
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0750
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
References for CVE-2018-0750
-
http://www.securitytracker.com/id/1040091
Microsoft Windows GDI+ Lets Local Users Obtain Potentially Sensitive Kernel Address Information on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0750
CVE-2018-0750 | Windows GDI Information Disclosure VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/102357
Microsoft Windows GDI Component CVE-2018-0750 Local Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to