Vulnerability Details : CVE-2018-8410
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Vulnerability category: Gain privilege
Products affected by CVE-2018-8410
- cpe:2.3:o:microsoft:windows_server:2008:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2008:r2:sp1:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server:2012:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2012:r2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:1803:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2016:1709:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-8410
73.72%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-8410
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-8410
-
The product does not release or incorrectly releases a resource before it is made available for re-use.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-8410
-
https://www.exploit-db.com/exploits/45436/
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of PrivilegeExploit;Third Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8410
CVE-2018-8410 - Security Update Guide - Microsoft - Windows Registry Elevation of Privilege VulnerabilityPatch;Vendor Advisory
-
http://www.securitytracker.com/id/1041635
Windows Kernel Multiple Flaws Let Local Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/105256
Microsoft Windows Registry CVE-2018-8410 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to