Vulnerability Details : CVE-2018-0880
The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0882.
Vulnerability category: Gain privilege
Products affected by CVE-2018-0880
- cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0880
0.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0880
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST | |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
References for CVE-2018-0880
-
http://www.securityfocus.com/bid/103239
Microsoft Windows Desktop Bridge CVE-2018-0880 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1040520
Windows Component Flaws Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/44314/
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege EscalationExploit;Third Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0880
CVE-2018-0880 | Windows Desktop Bridge Elevation of Privilege VulnerabilityPatch;Vendor Advisory
Jump to