CVE-2018-0743 - Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server,

CVE-2018-0743

Summary

Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	102350
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0743
exploit-db	43962
misc	https://github.com/saaramar/execve_exploit https://twitter.com/AmarSaar/status/948892321755598848
sectrack	1040094

Last major update

03-10-2019 - 00:03

Published

04-01-2018 - 14:29

Last modified

03-10-2019 - 00:03