Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-8550Microsoft Windows 10 vulnerability

11 documents5 sources
Severity
7.8HIGHNVD
EPSS
7.3%
top 8.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
20
Microsoft Windows 10Microsoft Windows Server 2008Microsoft Windows Server 2012+17 more
Timeline
PublishedNov 14
Latest updateMay 13

Description

An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages18 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-9g8w-9cx8-4wg9: An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability2022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation2018-11-20

📋Vendor Advisories

1
Microsoft
Windows COM Elevation of Privilege Vulnerability2018-11-13

🕵️Threat Intelligence

7
Trendmicro
January Patch Tuesday Contains Fixes for DHCP2019-01-09
Trendmicro
January Patch Tuesday Contains Fixes for DHCP2019-01-09
Trendmicro
January Patch Tuesday Contains Fixes for DHCP2019-01-09
Trendmicro
January Patch Tuesday Contains Fixes for DHCP2019-01-09
Trendmicro
January Patch Tuesday Contains Fixes for DHCP2019-01-09