Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1038Corporation Windows vulnerability

15 documents8 sources
Severity
7.8HIGHNVD
EPSS
61.3%
top 1.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Microsoft Corporation WindowsMicrosoft Windows Server 2008Msrc Windows 7 FOR 32-bit Systems Service Pack 1+3 more
Timeline
PublishedApr 2
Latest updateMay 13

Description

The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5microsoft_corporation/windowsWindows 7 SP1 and Windows Server 2008 R2 SP1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-5539-34h9-rxqp: The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in2022-05-13
Project0
Taking a page from the kernel's book: A TLB issue in mremap() - Project Zero2019-01-01
VulnCheck
Windows Kernel Elevation of Privilege2018

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - Local Privilege Escalation2018-04-24

📋Vendor Advisories

1
Microsoft
Windows Kernel Elevation of Privilege Vulnerability2018-03-13

🕵️Threat Intelligence

9
Trendmicro
Microsoft Fixes Vulnerabilities in Fonts and Keyboard2018-04-11
Trendmicro
Microsoft Fixes Vulnerabilities in Fonts and Keyboard2018-04-11
Trendmicro
Microsoft Fixes Vulnerabilities in Fonts and Keyboard2018-04-11
Trendmicro
Microsoft Fixes Vulnerabilities in Fonts and Keyboard2018-04-11
Trendmicro
Microsoft Fixes Vulnerabilities in Fonts and Keyboard2018-04-11
CVE-2018-1038 — Corporation Windows vulnerability | cvebase