cbcvebase.
CVE-2018-8596
published 2018-12-12

CVE-2018-8596: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information…

PriorityP275medium6.5CVSS 3.0
AVNACLPRNUIRSUCHINAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
6.87%
93.3th percentile
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8595.

Affected

59 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10_servers
microsoftwindows_10_servers
microsoftwindows_7
microsoftwindows_7
microsoftwindows_8.1

Detection & IOCsextracted from sources · hover to see the quote

  • Exploitation vector involves convincing a user to open a specially crafted document or visit an untrusted webpage, triggering improper memory disclosure in the Windows GDI component.
  • The vulnerability leaks memory layout information (ASLR bypass class), enabling an attacker to predict memory addressing — monitor for GDI-related memory disclosure patterns in user-mode processes handling untrusted documents or web content.
  • ·Exploitation is rated 'More Likely' for both latest and older software releases, but as of advisory publication the vulnerability had NOT been publicly disclosed or exploited in the wild.
  • ·Affected platforms span a wide range of Windows versions; detections should cover Windows 7, 8.1, RT 8.1, 10, Server 2008/2008 R2/2012/2012 R2/2016/2019.

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vulncheck6.5MEDIUM
vendor_msrc4.7MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.