Lucene search
MicrosoftMS:CVE-2018-8120HistoryMay 08, 2018 - 7:00 a.m.
Win32k Elevation of Privilege Vulnerability
2018-05-0807:00:00
Microsoft
msrc.microsoft.com
10
0.974 High
EPSS
Percentile
99.9%
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Related
threatpost
threatpost
ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
2019-05-13 16:46:09
Purple Fox EK Adds Microsoft Exploits to Arsenal
2020-07-06 15:21:30
May Patch Tuesday Fixes Two Bugs Under Active Attack
2018-05-08 20:42:20
packetstorm
packetstorm
Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference
2018-10-19 00:00:00
symantec
symantec
securelist
securelist
ScarCruft continues to evolve, introduces Bluetooth harvester
2019-05-13 10:00:03
IT threat evolution Q2 2019
2019-08-19 10:00:29
A mining multitool
2018-07-26 10:00:25
metasploit
metasploit
Windows SetImeInfoEx Win32k NULL Pointer Dereference
2018-10-10 19:41:14
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2022-03-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Win32k Elevation of Privilege (CVE-2018-8120)
2018-05-08 00:00:00
zdt
zdt
Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference Exploit
2018-10-22 00:00:00
canvas
canvas
Immunity Canvas: SETIMEINFOEX_LPE
2018-05-09 19:29:00
exploitdb
exploitdb
trellix
trellix
Rapidly Evolving Ransomware Gandcrab Version
2018-10-10 00:00:00
Rapidly Evolving Ransomware Gandcrab Version
2018-10-10 00:00:00
myhack58
myhack58
mssecure
mssecure
Taking apart a double zero-day sample discovered in joint hunt with ESET
2018-07-02 15:00:00
thn
thn
Microsoft Patches Two Zero-Day Flaws Under Active Attack
2018-05-09 06:14:00
seebug
seebug
attackerkb
attackerkb
CVE-2018-8164
2018-05-09 00:00:00
CVE-2018-8120
2018-05-09 00:00:00
prion
prion
Privilege escalation
2018-05-09 19:29:00
Privilege escalation
2018-05-09 19:29:00
Privilege escalation
2018-05-09 19:29:00
cvelist
cvelist
malwarebytes
malwarebytes
Adobe Reader zero-day discovered alongside Windows vulnerability
2018-05-15 18:44:14
cve
cve
mskb
mskb
Description of the security update for the vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: May 08, 2018
2018-05-08 07:00:00
May 8, 2018âKB4103712 (Security-only update)
2018-05-08 07:00:00
May 8, 2018âKB4103718 (Monthly Rollup)
2018-05-08 07:00:00
nessus
nessus
Security Updates for Windows Server 2008 (May 2018)
2018-05-09 00:00:00
KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security Update
2018-05-08 00:00:00
kaspersky
kaspersky
KLA11894 Multiple vulnerabilities in Microsoft Products (ESU)
2018-05-08 00:00:00
cisa
cisa
CISA Adds 15 Known Exploited Vulnerability to Catalog
2022-03-15 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4103718)
2018-05-09 00:00:00
trendmicroblog
trendmicroblog
talosblog
talosblog
Microsoft Patch Tuesday - May 2018
2018-05-08 12:02:00