Vulnerability Details : CVE-2018-1038
The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."
Vulnerability category: Gain privilege
Products affected by CVE-2018-1038
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1038
96.71%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1038
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
References for CVE-2018-1038
-
http://www.securityfocus.com/bid/103549
Microsoft Windows Kernel CVE-2018-1038 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038
CVE-2018-1038 | Windows Kernel Elevation of Privilege VulnerabilityPatch;Vendor Advisory
-
https://www.exploit-db.com/exploits/44581/
Microsoft Windows - Local Privilege EscalationExploit;Third Party Advisory;VDB Entry
-
https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
XPN InfoSec BlogExploit;Third Party Advisory
-
http://www.securitytracker.com/id/1040632
Windows Kernel Object Memory Handling Error Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
Jump to