Lucene search

[email protected]NVD:CVE-2018-10172

HistoryApr 16, 2018 - 10:29 p.m.

CVE-2018-10172

2018-04-1622:29:00

CWE-269

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

Percentile

12.6%

JSON

7-Zip through 18.01 on Windows implements the “Large memory pages” option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user’s account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows.

Affected configurations

Nvd

Node

7-zip7-zipRange≤18.01windows

VendorProductVersionCPE
7-zip7-zip*cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
7-zip	7-zip	*	cpe:2.3:a:7-zip:7-zip::::::windows::*

References

sourceforge.net/p/sevenzip/discussion/45797/thread/e730c709/?limit=25&page=1#b240

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2018-10172

prion1 cve1 openvas1 cvelist1