Vulnerability Details : CVE-2018-0877
The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability".
Vulnerability category: Gain privilege
Products affected by CVE-2018-0877
- cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0877
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0877
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
References for CVE-2018-0877
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0877
CVE-2018-0877 | Windows Desktop Bridge VFS Elevation of Privilege VulnerabilityPatch;Vendor Advisory
-
http://www.securitytracker.com/id/1040520
Windows Component Flaws Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/44313/
Microsoft Windows - Desktop Bridge VFS Privilege EscalationExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/103227
Microsoft Windows Desktop Bridge VFS CVE-2018-0877 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to