Vulnerability Details : CVE-2018-8399
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404.
Vulnerability category: Gain privilege
Products affected by CVE-2018-8399
- cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:1803:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-8399
0.98%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-8399
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST | |
|
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2018-8399
-
The product does not release or incorrectly releases a resource before it is made available for re-use.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-8399
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8399
CVE-2018-8399 | Win32k Elevation of Privilege VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/104998
Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8399 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1041466
Windows Win32k and Other Component Bugs Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
Jump to