Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0877Corporation Windows Desktop Bridge Virtual File System vulnerability

9 documents8 sources
Severity
7.8HIGHNVD
EPSS
11.5%
top 6.36%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
10
Microsoft Corporation Windows Desktop Bridge Virtual File SystemMicrosoft Windows 10Microsoft Windows Server+7 more
Timeline
PublishedMar 14
Latest updateMay 13

Description

The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

CVEListV5microsoft_corporation/windows_desktop_bridge_virtual_file_systemWindows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-3645-mgp5-qw4j: The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevat2022-05-13
Project0
Hunting for Bugs in Windows Mini-Filter Drivers - Project Zero2021-01-01

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - Desktop Bridge VFS Privilege Escalation2018-03-20

📋Vendor Advisories

1
Microsoft
Windows Desktop Bridge VFS Elevation of Privilege Vulnerability2018-03-13

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday - March 20182018-03-13
Talos
Microsoft Patch Tuesday - March 20182018-03-13
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-13-2018

💬Community

1
Bugzilla
CVE-2018-10912 keycloak: infinite loop in session replacement leading to denial of service2018-07-23
CVE-2018-0877 — HIGH severity | cvebase