Vulnerability Details : CVE-2018-8554
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561.
Vulnerability category: Gain privilege
Products affected by CVE-2018-8554
- cpe:2.3:o:microsoft:windows_server:1803:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-8554
0.50%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-8554
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-8554
-
The product does not release or incorrectly releases a resource before it is made available for re-use.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-8554
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8554
CVE-2018-8554 - Security Update Guide - Microsoft - DirectX Elevation of Privilege VulnerabilityPatch;Vendor Advisory
-
http://www.securitytracker.com/id/1042135
Microsoft DirectX Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/105811
Microsoft Windows DirectX CVE-2018-8554 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to