Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0745Improper Initialization in Corporation Windows Kernel

CWE-665Improper Initialization10 documents5 sources
Severity
4.7MEDIUMNVD
EPSS
14.5%
top 5.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
10
Microsoft Corporation Windows KernelMicrosoft Windows 10Microsoft Windows Server 2008+7 more
Timeline
PublishedJan 4
Latest updateMay 13

Description

The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages8 packages

🔴Vulnerability Details

3
GHSA
GHSA-4h5w-mr29-x8j7: The Windows kernel in Windows 7 SP1, Windows 82022-05-13
GHSA
GHSA-vj57-vwp3-5mfp: The Windows kernel in Windows 82022-05-13
GHSA
GHSA-x7ph-2vff-2hx7: The Windows kernel in Windows 10 version 17032022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76_ QueryProcessEnergyValues)' Kernel Stack Memory Disclosure2018-01-09

📋Vendor Advisories

1
Microsoft
Windows Kernel Information Disclosure Vulnerability2018-01-09

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - January 20182018-01-09
Talos
Microsoft Patch Tuesday - January 20182018-01-09
CVE-2018-0745 — Improper Initialization | cvebase