7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory” – MITRE description.
Recent assessments:
jrobles-r7 at June 17, 2019 6:51pm UTC reported:
The handling of objects in memory allowed for a double-free of a memory region, which could be used to escalate privileges on a local system. See MSRC link for vulnerable versions and patch information.
The <https://github.com/ze0r/cve-2018-8453-exp> PoC for x86 systems successfully worked for me on Win10 x86 systems. The x64 version did not work for me though.
space-r7 at June 20, 2019 2:12pm UTC reported:
The handling of objects in memory allowed for a double-free of a memory region, which could be used to escalate privileges on a local system. See MSRC link for vulnerable versions and patch information.
The <https://github.com/ze0r/cve-2018-8453-exp> PoC for x86 systems successfully worked for me on Win10 x86 systems. The x64 version did not work for me though.
gwillcox-r7 at November 22, 2020 2:58am UTC reported:
The handling of objects in memory allowed for a double-free of a memory region, which could be used to escalate privileges on a local system. See MSRC link for vulnerable versions and patch information.
The <https://github.com/ze0r/cve-2018-8453-exp> PoC for x86 systems successfully worked for me on Win10 x86 systems. The x64 version did not work for me though.
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 4
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C