Vulnerabilites related to microsoft - windows_server_1709
cve-2018-0844
Vulnerability from cvelistv5
Published
2018-02-15 02:00
Modified
2024-09-16 22:57
Severity ?
EPSS score ?
Summary
The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0846.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040380 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102929 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0844 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Windows Common Log File System |
Version: Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:44:10.386Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1040380", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040380", }, { name: "102929", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102929", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0844", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows Common Log File System", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709", }, ], }, ], datePublic: "2018-02-13T00:00:00", descriptions: [ { lang: "en", value: "The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka \"Windows Common Log File System Driver Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0846.", }, ], problemTypes: [ { descriptions: [ { description: "Important", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-02-15T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1040380", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040380", }, { name: "102929", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102929", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0844", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2018-02-13T00:00:00", ID: "CVE-2018-0844", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows Common Log File System", version: { version_data: [ { version_value: "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka \"Windows Common Log File System Driver Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0846.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Important", }, ], }, ], }, references: { reference_data: [ { name: "1040380", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040380", }, { name: "102929", refsource: "BID", url: "http://www.securityfocus.com/bid/102929", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0844", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0844", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-0844", datePublished: "2018-02-15T02:00:00Z", dateReserved: "2017-12-01T00:00:00", dateUpdated: "2024-09-16T22:57:11.663Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0859
Vulnerability from cvelistv5
Published
2019-04-09 20:19
Modified
2025-02-07 16:28
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 7 for 32-bit Systems Service Pack 1 Version: 7 for x64-based Systems Service Pack 1 Version: 8.1 for 32-bit systems Version: 8.1 for x64-based systems Version: RT 8.1 Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems Version: 10 Version 1703 for 32-bit Systems Version: 10 Version 1703 for x64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for ARM64-based Systems |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.594Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-0859", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T16:17:43.765232Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0859", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T16:28:16.168Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "8.1 for 32-bit systems", }, { status: "affected", version: "8.1 for x64-based systems", }, { status: "affected", version: "RT 8.1", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, { status: "affected", version: "10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "10 Version 1703 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2008 R2 for x64-based Systems Service Pack 1 (Core installation)", }, { status: "affected", version: "2008 R2 for Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "2008 for 32-bit Systems Service Pack 2 (Core installation)", }, { status: "affected", version: "2012", }, { status: "affected", version: "2012 (Core installation)", }, { status: "affected", version: "2012 R2", }, { status: "affected", version: "2012 R2 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, { status: "affected", version: "version 1709 (Core Installation)", }, { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "2008 for x64-based Systems Service Pack 2", }, { status: "affected", version: "2008 for x64-based Systems Service Pack 2 (Core installation)", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-09T20:19:48.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0859", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "7 for 32-bit Systems Service Pack 1", }, { version_value: "7 for x64-based Systems Service Pack 1", }, { version_value: "8.1 for 32-bit systems", }, { version_value: "8.1 for x64-based systems", }, { version_value: "RT 8.1", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, { version_value: "10 Version 1703 for 32-bit Systems", }, { version_value: "10 Version 1703 for x64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "2008 R2 for x64-based Systems Service Pack 1 (Core installation)", }, { version_value: "2008 R2 for Itanium-Based Systems Service Pack 1", }, { version_value: "2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "2008 for 32-bit Systems Service Pack 2 (Core installation)", }, { version_value: "2012", }, { version_value: "2012 (Core installation)", }, { version_value: "2012 R2", }, { version_value: "2012 R2 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, { version_value: "version 1709 (Core Installation)", }, { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "2008 for 32-bit Systems Service Pack 2", }, { version_value: "2008 for x64-based Systems Service Pack 2", }, { version_value: "2008 for x64-based Systems Service Pack 2 (Core installation)", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0859", datePublished: "2019-04-09T20:19:48.000Z", dateReserved: "2018-11-26T00:00:00.000Z", dateUpdated: "2025-02-07T16:28:16.168Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8414
Vulnerability from cvelistv5
Published
2018-08-15 17:00
Modified
2025-02-07 16:38
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105016 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041458 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 10 Servers |
Version: version 1709 (Server Core Installation) Version: version 1803 (Server Core Installation) |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:54:36.389Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414", }, { name: "105016", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105016", }, { name: "1041458", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041458", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2018-8414", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T16:24:52.970463Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-25", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8414", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T16:38:18.756Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Windows 10 Servers", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1709 (Server Core Installation)", }, { status: "affected", version: "version 1803 (Server Core Installation)", }, ], }, { product: "Windows 10", vendor: "Microsoft", versions: [ { status: "affected", version: "Version 1703 for 32-bit Systems", }, { status: "affected", version: "Version 1703 for x64-based Systems", }, { status: "affected", version: "Version 1709 for 32-bit Systems", }, { status: "affected", version: "Version 1709 for x64-based Systems", }, { status: "affected", version: "Version 1803 for 32-bit Systems", }, { status: "affected", version: "Version 1803 for x64-based Systems", }, ], }, ], datePublic: "2018-08-14T00:00:00.000Z", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka \"Windows Shell Remote Code Execution Vulnerability.\" This affects Windows 10 Servers, Windows 10.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-16T09:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414", }, { name: "105016", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105016", }, { name: "1041458", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041458", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8414", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows 10 Servers", version: { version_data: [ { version_value: "version 1709 (Server Core Installation)", }, { version_value: "version 1803 (Server Core Installation)", }, ], }, }, { product_name: "Windows 10", version: { version_data: [ { version_value: "Version 1703 for 32-bit Systems", }, { version_value: "Version 1703 for x64-based Systems", }, { version_value: "Version 1709 for 32-bit Systems", }, { version_value: "Version 1709 for x64-based Systems", }, { version_value: "Version 1803 for 32-bit Systems", }, { version_value: "Version 1803 for x64-based Systems", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka \"Windows Shell Remote Code Execution Vulnerability.\" This affects Windows 10 Servers, Windows 10.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414", }, { name: "105016", refsource: "BID", url: "http://www.securityfocus.com/bid/105016", }, { name: "1041458", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041458", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8414", datePublished: "2018-08-15T17:00:00.000Z", dateReserved: "2018-03-14T00:00:00.000Z", dateUpdated: "2025-02-07T16:38:18.756Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8405
Vulnerability from cvelistv5
Published
2018-08-15 17:00
Modified
2025-02-07 16:38
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105011 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041461 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows Server 2012 R2 |
Version: (Server Core installation) |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:54:36.368Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105011", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105011", }, { name: "1041461", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041461", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2018-8405", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T16:25:28.228106Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-28", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8405", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-404", description: "CWE-404 Improper Resource Shutdown or Release", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T16:38:19.151Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Windows Server 2012 R2", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows RT 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows RT 8.1", }, ], }, { product: "Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit systems", }, { status: "affected", version: "x64-based systems", }, ], }, { product: "Windows 10", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "Version 1607 for 32-bit Systems", }, { status: "affected", version: "Version 1607 for x64-based Systems", }, { status: "affected", version: "Version 1703 for 32-bit Systems", }, { status: "affected", version: "Version 1703 for x64-based Systems", }, { status: "affected", version: "Version 1709 for 32-bit Systems", }, { status: "affected", version: "Version 1709 for x64-based Systems", }, { status: "affected", version: "Version 1803 for 32-bit Systems", }, { status: "affected", version: "Version 1803 for x64-based Systems", }, { status: "affected", version: "x64-based Systems", }, ], }, { product: "Windows 10 Servers", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1709 (Server Core Installation)", }, { status: "affected", version: "version 1803 (Server Core Installation)", }, ], }, ], datePublic: "2018-08-14T00:00:00.000Z", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-16T09:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "105011", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105011", }, { name: "1041461", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041461", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8405", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows Server 2012 R2", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows RT 8.1", version: { version_data: [ { version_value: "Windows RT 8.1", }, ], }, }, { product_name: "Windows Server 2016", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows 8.1", version: { version_data: [ { version_value: "32-bit systems", }, { version_value: "x64-based systems", }, ], }, }, { product_name: "Windows 10", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "Version 1607 for 32-bit Systems", }, { version_value: "Version 1607 for x64-based Systems", }, { version_value: "Version 1703 for 32-bit Systems", }, { version_value: "Version 1703 for x64-based Systems", }, { version_value: "Version 1709 for 32-bit Systems", }, { version_value: "Version 1709 for x64-based Systems", }, { version_value: "Version 1803 for 32-bit Systems", }, { version_value: "Version 1803 for x64-based Systems", }, { version_value: "x64-based Systems", }, ], }, }, { product_name: "Windows 10 Servers", version: { version_data: [ { version_value: "version 1709 (Server Core Installation)", }, { version_value: "version 1803 (Server Core Installation)", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "105011", refsource: "BID", url: "http://www.securityfocus.com/bid/105011", }, { name: "1041461", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041461", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8405", datePublished: "2018-08-15T17:00:00.000Z", dateReserved: "2018-03-14T00:00:00.000Z", dateUpdated: "2025-02-07T16:38:19.151Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1064
Vulnerability from cvelistv5
Published
2019-06-12 13:49
Modified
2025-02-07 16:28
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows Server |
Version: 2016 Version: 2016 (Core installation) Version: version 1803 (Core Installation) Version: 2019 Version: 2019 (Core installation) |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:06:31.506Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-1064", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T16:16:12.418849Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-15", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1064", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59 Improper Link Resolution Before File Access ('Link Following')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T16:28:15.631Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, ], }, { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, { status: "affected", version: "10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "10 Version 1703 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-12T13:49:41.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1064", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2016 (Core installation)", }, { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, ], }, }, { product_name: "Windows", version: { version_data: [ { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, { version_value: "10 Version 1703 for 32-bit Systems", }, { version_value: "10 Version 1703 for x64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1064", datePublished: "2019-06-12T13:49:41.000Z", dateReserved: "2018-11-26T00:00:00.000Z", dateUpdated: "2025-02-07T16:28:15.631Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0824
Vulnerability from cvelistv5
Published
2018-05-09 19:00
Modified
2024-08-06 13:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040848 | vdb-entry, x_refsource_SECTRACK | |
| https://www.exploit-db.com/exploits/44906/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/104030 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824 | x_refsource_CONFIRM |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_10", vendor: "microsoft", versions: [ { status: "affected", version: "1607", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_10", vendor: "microsoft", versions: [ { status: "affected", version: "1703", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_10", vendor: "microsoft", versions: [ { status: "affected", version: "1709", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_10", vendor: "microsoft", versions: [ { status: "affected", version: "1803", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_7", vendor: "microsoft", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_8.1", vendor: "microsoft", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_rt_8.1", vendor: "microsoft", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", ], defaultStatus: "unknown", product: "windows_server_2008", vendor: "microsoft", versions: [ { status: "affected", version: "r2", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", ], defaultStatus: "unknown", product: "windows_server_2008", vendor: "microsoft", versions: [ { status: "affected", version: "r2", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_server_2012", vendor: "microsoft", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_server_2012", vendor: "microsoft", versions: [ { status: "affected", version: "r2", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_server_2016", vendor: "microsoft", versions: [ { status: "affected", version: "1709", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_server_2016", vendor: "microsoft", versions: [ { status: "affected", version: "1803", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_10", vendor: "microsoft", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_server_2016", vendor: "microsoft", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "windows_server_2008", vendor: "microsoft", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2018-0824", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-02T03:55:25.707924Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-08-05", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-06T13:13:54.108Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-05T03:35:49.454Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1040848", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040848", }, { name: "44906", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/44906/", }, { name: "104030", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104030", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-08T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in \"Microsoft COM for Windows\" when it fails to properly handle serialized objects, aka \"Microsoft COM for Windows Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-20T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1040848", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040848", }, { name: "44906", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/44906/", }, { name: "104030", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104030", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-0824", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in \"Microsoft COM for Windows\" when it fails to properly handle serialized objects, aka \"Microsoft COM for Windows Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1040848", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040848", }, { name: "44906", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/44906/", }, { name: "104030", refsource: "BID", url: "http://www.securityfocus.com/bid/104030", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-0824", datePublished: "2018-05-09T19:00:00", dateReserved: "2017-12-01T00:00:00", dateUpdated: "2024-08-06T13:13:54.108Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0846
Vulnerability from cvelistv5
Published
2018-02-15 02:00
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0844.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040380 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102931 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0846 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Windows Common Log File System |
Version: Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:44:10.442Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1040380", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040380", }, { name: "102931", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102931", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0846", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows Common Log File System", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709", }, ], }, ], datePublic: "2018-02-13T00:00:00", descriptions: [ { lang: "en", value: "The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka \"Windows Common Log File System Driver Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0844.", }, ], problemTypes: [ { descriptions: [ { description: "Important", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-02-15T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1040380", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040380", }, { name: "102931", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102931", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0846", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2018-02-13T00:00:00", ID: "CVE-2018-0846", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows Common Log File System", version: { version_data: [ { version_value: "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka \"Windows Common Log File System Driver Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0844.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Important", }, ], }, ], }, references: { reference_data: [ { name: "1040380", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040380", }, { name: "102931", refsource: "BID", url: "http://www.securityfocus.com/bid/102931", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0846", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0846", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-0846", datePublished: "2018-02-15T02:00:00Z", dateReserved: "2017-12-01T00:00:00", dateUpdated: "2024-09-16T19:09:57.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8493
Vulnerability from cvelistv5
Published
2018-10-10 13:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041843 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105456 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows Server 2012 R2 |
Version: (Server Core installation) |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:54:36.908Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1041843", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041843", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493", }, { name: "105456", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105456", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows Server 2012 R2", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows RT 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows RT 8.1", }, ], }, { product: "Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit systems", }, { status: "affected", version: "x64-based systems", }, ], }, { product: "Windows 10", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "Version 1607 for 32-bit Systems", }, { status: "affected", version: "Version 1607 for x64-based Systems", }, { status: "affected", version: "Version 1703 for 32-bit Systems", }, { status: "affected", version: "Version 1703 for x64-based Systems", }, { status: "affected", version: "Version 1709 for 32-bit Systems", }, { status: "affected", version: "Version 1709 for x64-based Systems", }, { status: "affected", version: "Version 1803 for 32-bit Systems", }, { status: "affected", version: "Version 1803 for x64-based Systems", }, { status: "affected", version: "x64-based Systems", }, ], }, { product: "Windows 10 Servers", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1709 (Server Core Installation)", }, { status: "affected", version: "version 1803 (Server Core Installation)", }, ], }, ], datePublic: "2018-10-09T00:00:00", descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka \"Windows TCP/IP Information Disclosure Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1041843", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041843", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493", }, { name: "105456", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105456", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8493", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows Server 2012 R2", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows RT 8.1", version: { version_data: [ { version_value: "Windows RT 8.1", }, ], }, }, { product_name: "Windows Server 2016", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows 8.1", version: { version_data: [ { version_value: "32-bit systems", }, { version_value: "x64-based systems", }, ], }, }, { product_name: "Windows 10", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "Version 1607 for 32-bit Systems", }, { version_value: "Version 1607 for x64-based Systems", }, { version_value: "Version 1703 for 32-bit Systems", }, { version_value: "Version 1703 for x64-based Systems", }, { version_value: "Version 1709 for 32-bit Systems", }, { version_value: "Version 1709 for x64-based Systems", }, { version_value: "Version 1803 for 32-bit Systems", }, { version_value: "Version 1803 for x64-based Systems", }, { version_value: "x64-based Systems", }, ], }, }, { product_name: "Windows 10 Servers", version: { version_data: [ { version_value: "version 1709 (Server Core Installation)", }, { version_value: "version 1803 (Server Core Installation)", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka \"Windows TCP/IP Information Disclosure Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "1041843", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041843", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493", }, { name: "105456", refsource: "BID", url: "http://www.securityfocus.com/bid/105456", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8493", datePublished: "2018-10-10T13:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:54:36.908Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0543
Vulnerability from cvelistv5
Published
2019-01-08 21:00
Modified
2025-02-04 15:33
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106408 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543 | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/46156/ | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:51:26.493Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106408", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106408", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543", }, { name: "46156", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46156/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-0543", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T15:28:58.894926Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-15", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0543", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287 Improper Authentication", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T15:33:40.871Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-08T00:00:00.000Z", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka \"Microsoft Windows Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-15T10:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "106408", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106408", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543", }, { name: "46156", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/46156/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0543", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka \"Microsoft Windows Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "106408", refsource: "BID", url: "http://www.securityfocus.com/bid/106408", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543", }, { name: "46156", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/46156/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0543", datePublished: "2019-01-08T21:00:00.000Z", dateReserved: "2018-11-26T00:00:00.000Z", dateUpdated: "2025-02-04T15:33:40.871Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8406
Vulnerability from cvelistv5
Published
2018-08-15 17:00
Modified
2025-02-07 16:38
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105012 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041461 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows Server 2016 |
Version: (Server Core installation) |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:54:36.330Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105012", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105012", }, { name: "1041461", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041461", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2018-8406", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T16:25:05.697499Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-03-28", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8406", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-404", description: "CWE-404 Improper Resource Shutdown or Release", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T16:38:19.019Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows 10", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "Version 1607 for 32-bit Systems", }, { status: "affected", version: "Version 1607 for x64-based Systems", }, { status: "affected", version: "Version 1703 for 32-bit Systems", }, { status: "affected", version: "Version 1703 for x64-based Systems", }, { status: "affected", version: "Version 1709 for 32-bit Systems", }, { status: "affected", version: "Version 1709 for x64-based Systems", }, { status: "affected", version: "Version 1803 for 32-bit Systems", }, { status: "affected", version: "Version 1803 for x64-based Systems", }, { status: "affected", version: "x64-based Systems", }, ], }, { product: "Windows 10 Servers", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1709 (Server Core Installation)", }, { status: "affected", version: "version 1803 (Server Core Installation)", }, ], }, ], datePublic: "2018-08-14T00:00:00.000Z", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-16T09:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "105012", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105012", }, { name: "1041461", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041461", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8406", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows Server 2016", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows 10", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "Version 1607 for 32-bit Systems", }, { version_value: "Version 1607 for x64-based Systems", }, { version_value: "Version 1703 for 32-bit Systems", }, { version_value: "Version 1703 for x64-based Systems", }, { version_value: "Version 1709 for 32-bit Systems", }, { version_value: "Version 1709 for x64-based Systems", }, { version_value: "Version 1803 for 32-bit Systems", }, { version_value: "Version 1803 for x64-based Systems", }, { version_value: "x64-based Systems", }, ], }, }, { product_name: "Windows 10 Servers", version: { version_data: [ { version_value: "version 1709 (Server Core Installation)", }, { version_value: "version 1803 (Server Core Installation)", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "105012", refsource: "BID", url: "http://www.securityfocus.com/bid/105012", }, { name: "1041461", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041461", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8406", datePublished: "2018-08-15T17:00:00.000Z", dateReserved: "2018-03-14T00:00:00.000Z", dateUpdated: "2025-02-07T16:38:19.019Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0797
Vulnerability from cvelistv5
Published
2019-04-09 02:34
Modified
2025-02-07 16:28
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows Server |
Version: 2012 Version: 2012 (Core installation) Version: 2012 R2 Version: 2012 R2 (Core installation) Version: 2016 Version: 2016 (Core installation) Version: version 1709 (Core Installation) Version: version 1803 (Core Installation) Version: 2019 Version: 2019 (Core installation) |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-0797", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T16:19:00.882676Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0797", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T16:28:16.697Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2012", }, { status: "affected", version: "2012 (Core installation)", }, { status: "affected", version: "2012 R2", }, { status: "affected", version: "2012 R2 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, { status: "affected", version: "version 1709 (Core Installation)", }, { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, ], }, { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "8.1 for 32-bit systems", }, { status: "affected", version: "8.1 for x64-based systems", }, { status: "affected", version: "RT 8.1", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, { status: "affected", version: "10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "10 Version 1703 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, ], }, ], datePublic: "2019-03-12T00:00:00.000Z", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-09T02:34:55.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0797", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows Server", version: { version_data: [ { version_value: "2012", }, { version_value: "2012 (Core installation)", }, { version_value: "2012 R2", }, { version_value: "2012 R2 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, { version_value: "version 1709 (Core Installation)", }, { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, ], }, }, { product_name: "Windows", version: { version_data: [ { version_value: "8.1 for 32-bit systems", }, { version_value: "8.1 for x64-based systems", }, { version_value: "RT 8.1", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, { version_value: "10 Version 1703 for 32-bit Systems", }, { version_value: "10 Version 1703 for x64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0797", datePublished: "2019-04-09T02:34:55.000Z", dateReserved: "2018-11-26T00:00:00.000Z", dateUpdated: "2025-02-07T16:28:16.697Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8453
Vulnerability from cvelistv5
Published
2018-10-10 13:00
Modified
2025-02-07 16:38
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041828 | vdb-entry, x_refsource_SECTRACK | |
| https://securelist.com/cve-2018-8453-used-in-targeted-attack | x_refsource_MISC | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105467 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows 7 |
Version: 32-bit Systems Service Pack 1 Version: x64-based Systems Service Pack 1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:54:36.664Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1041828", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041828", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://securelist.com/cve-2018-8453-used-in-targeted-attack", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453", }, { name: "105467", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105467", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2018-8453", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T16:24:16.678337Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-01-21", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8453", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T16:38:18.281Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Windows 7", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems Service Pack 1", }, { status: "affected", version: "x64-based Systems Service Pack 1", }, ], }, { product: "Windows Server 2012 R2", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows RT 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows RT 8.1", }, ], }, { product: "Windows Server 2008", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems Service Pack 2", }, { status: "affected", version: "32-bit Systems Service Pack 2 (Server Core installation)", }, { status: "affected", version: "Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "x64-based Systems Service Pack 2", }, { status: "affected", version: "x64-based Systems Service Pack 2 (Server Core installation)", }, ], }, { product: "Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows Server 2012", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit systems", }, { status: "affected", version: "x64-based systems", }, ], }, { product: "Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "(Server Core installation)", }, ], }, { product: "Windows Server 2008 R2", vendor: "Microsoft", versions: [ { status: "affected", version: "Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "x64-based Systems Service Pack 1", }, { status: "affected", version: "x64-based Systems Service Pack 1 (Server Core installation)", }, ], }, { product: "Windows 10", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "Version 1607 for 32-bit Systems", }, { status: "affected", version: "Version 1607 for x64-based Systems", }, { status: "affected", version: "Version 1703 for 32-bit Systems", }, { status: "affected", version: "Version 1703 for x64-based Systems", }, { status: "affected", version: "Version 1709 for 32-bit Systems", }, { status: "affected", version: "Version 1709 for x64-based Systems", }, { status: "affected", version: "Version 1803 for 32-bit Systems", }, { status: "affected", version: "Version 1803 for x64-based Systems", }, { status: "affected", version: "Version 1809 for 32-bit Systems", }, { status: "affected", version: "Version 1809 for x64-based Systems", }, { status: "affected", version: "x64-based Systems", }, ], }, { product: "Windows 10 Servers", vendor: "Microsoft", versions: [ { status: "affected", version: "version 1709 (Server Core Installation)", }, { status: "affected", version: "version 1803 (Server Core Installation)", }, ], }, ], datePublic: "2018-10-09T00:00:00.000Z", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-16T21:06:05.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1041828", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041828", }, { tags: [ "x_refsource_MISC", ], url: "https://securelist.com/cve-2018-8453-used-in-targeted-attack", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453", }, { name: "105467", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105467", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8453", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows 7", version: { version_data: [ { version_value: "32-bit Systems Service Pack 1", }, { version_value: "x64-based Systems Service Pack 1", }, ], }, }, { product_name: "Windows Server 2012 R2", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows RT 8.1", version: { version_data: [ { version_value: "Windows RT 8.1", }, ], }, }, { product_name: "Windows Server 2008", version: { version_data: [ { version_value: "32-bit Systems Service Pack 2", }, { version_value: "32-bit Systems Service Pack 2 (Server Core installation)", }, { version_value: "Itanium-Based Systems Service Pack 2", }, { version_value: "x64-based Systems Service Pack 2", }, { version_value: "x64-based Systems Service Pack 2 (Server Core installation)", }, ], }, }, { product_name: "Windows Server 2019", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows Server 2012", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows 8.1", version: { version_data: [ { version_value: "32-bit systems", }, { version_value: "x64-based systems", }, ], }, }, { product_name: "Windows Server 2016", version: { version_data: [ { version_value: "(Server Core installation)", }, ], }, }, { product_name: "Windows Server 2008 R2", version: { version_data: [ { version_value: "Itanium-Based Systems Service Pack 1", }, { version_value: "x64-based Systems Service Pack 1", }, { version_value: "x64-based Systems Service Pack 1 (Server Core installation)", }, ], }, }, { product_name: "Windows 10", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "Version 1607 for 32-bit Systems", }, { version_value: "Version 1607 for x64-based Systems", }, { version_value: "Version 1703 for 32-bit Systems", }, { version_value: "Version 1703 for x64-based Systems", }, { version_value: "Version 1709 for 32-bit Systems", }, { version_value: "Version 1709 for x64-based Systems", }, { version_value: "Version 1803 for 32-bit Systems", }, { version_value: "Version 1803 for x64-based Systems", }, { version_value: "Version 1809 for 32-bit Systems", }, { version_value: "Version 1809 for x64-based Systems", }, { version_value: "x64-based Systems", }, ], }, }, { product_name: "Windows 10 Servers", version: { version_data: [ { version_value: "version 1709 (Server Core Installation)", }, { version_value: "version 1803 (Server Core Installation)", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "1041828", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041828", }, { name: "https://securelist.com/cve-2018-8453-used-in-targeted-attack", refsource: "MISC", url: "https://securelist.com/cve-2018-8453-used-in-targeted-attack", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453", }, { name: "105467", refsource: "BID", url: "http://www.securityfocus.com/bid/105467", }, { name: "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8453", datePublished: "2018-10-10T13:00:00.000Z", dateReserved: "2018-03-14T00:00:00.000Z", dateUpdated: "2025-02-07T16:38:18.281Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0703
Vulnerability from cvelistv5
Published
2019-04-08 23:41
Modified
2025-02-07 16:28
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 7 for 32-bit Systems Service Pack 1 Version: 7 for x64-based Systems Service Pack 1 Version: 8.1 for 32-bit systems Version: 8.1 for x64-based systems Version: RT 8.1 Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems Version: 10 Version 1703 for 32-bit Systems Version: 10 Version 1703 for x64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1709 for ARM64-based Systems |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:51:27.154Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2019-0703", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T16:19:46.019973Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-05-23", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0703", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T16:28:17.013Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "8.1 for 32-bit systems", }, { status: "affected", version: "8.1 for x64-based systems", }, { status: "affected", version: "RT 8.1", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, { status: "affected", version: "10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "10 Version 1703 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2008 R2 for x64-based Systems Service Pack 1 (Core installation)", }, { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-03-12T00:00:00.000Z", descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-08T23:41:43.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0703", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "7 for 32-bit Systems Service Pack 1", }, { version_value: "7 for x64-based Systems Service Pack 1", }, { version_value: "8.1 for 32-bit systems", }, { version_value: "8.1 for x64-based systems", }, { version_value: "RT 8.1", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, { version_value: "10 Version 1703 for 32-bit Systems", }, { version_value: "10 Version 1703 for x64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "2008 R2 for x64-based Systems Service Pack 1 (Core installation)", }, { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0703", datePublished: "2019-04-08T23:41:43.000Z", dateReserved: "2018-11-26T00:00:00.000Z", dateUpdated: "2025-02-07T16:28:17.013Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2018-02-15 02:29
Modified
2024-11-21 03:39
Severity ?
Summary
The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0846.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102929 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040380 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0844 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102929 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040380 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0844 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1511 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_7 | * | |
| microsoft | windows_8.1 | * | |
| microsoft | windows_rt_8.1 | * | |
| microsoft | windows_server_1709 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | * | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", matchCriteriaId: "232581CC-130A-4C62-A7E9-2EC9A9364D53", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", matchCriteriaId: "7519928D-0FF2-4584-8058-4C7764CD5671", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", matchCriteriaId: "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", matchCriteriaId: "197E82CB-81AF-40F1-A55C-7B596891A783", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:*:*:*:*:*:*:*:*", matchCriteriaId: "A38173B4-C5CA-472D-88BD-34094E290AC9", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", matchCriteriaId: "0C28897B-044A-447B-AD76-6397F8190177", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", matchCriteriaId: "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", matchCriteriaId: "80EB5690-B20F-457A-A202-FBADAA17E05C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", matchCriteriaId: "AF6437F9-6631-49D3-A6C2-62329E278E31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka \"Windows Common Log File System Driver Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0846.", }, { lang: "es", value: "El controlador Windows Common Log File System (CLFS) en Windows 7 SP1, Windows 8.1 y RT 8.1, Windows Server 2008 SP2 y R2 SP1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server, versión 1709 permite una vulnerabilidad de elevación de privilegios debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como \"Windows Common Log File System Driver Elevation Of Privilege Vulnerability\". El ID de este CVE es diferente de CVE-2018-0846.", }, ], id: "CVE-2018-0844", lastModified: "2024-11-21T03:39:04.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-15T02:29:02.920", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102929", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040380", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0844", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0844", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-09 21:29
Modified
2025-04-10 16:57
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859 | Patch, Vendor Advisory |
Impacted products
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft Win32k Privilege Escalation Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*", matchCriteriaId: "A045AC0A-471E-444C-B3B0-4CABC23E8CFB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*", matchCriteriaId: "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*", matchCriteriaId: "B98DB3FF-CC3B-4E9F-A9CC-EC4C89AF3B31", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*", matchCriteriaId: "8733BF37-7BF2-409D-9452-DA8A92DA1124", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*", matchCriteriaId: "555C22C7-356D-4DA7-8CED-DA7423BBC6CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*", matchCriteriaId: "469F95D3-ABBB-4F1A-A000-BE0F6BD60FF6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*", matchCriteriaId: "D76003FB-EE99-4D8E-B6A0-B13C2041E5A0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*", matchCriteriaId: "40151476-C0FD-4336-8194-039E8827B7C8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "D82F8AF7-ED01-4649-849E-F248F0E02384", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*", matchCriteriaId: "C1CFB53B-B17B-47BD-BAC1-C6C5D168FFB6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", matchCriteriaId: "73D24713-D897-408D-893B-77A61982597D", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*", matchCriteriaId: "53695559-6E95-43C1-AD7C-1D99473223C2", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*", matchCriteriaId: "37097C39-D588-4018-B94D-5EB87B1E3D5A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", matchCriteriaId: "B320A104-9037-487E-BC9A-62B4A6B49FD0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios en Windows cuando el componente Win32k no puede manejar apropiadamente los objetos en la memoria, también se conoce como \"Win32k Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2019-0685, CVE-2019-0803.", }, ], id: "CVE-2019-0859", lastModified: "2025-04-10T16:57:13.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-04-09T21:29:02.520", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-02-15 02:29
Modified
2024-11-21 03:39
Severity ?
Summary
The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0844.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102931 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040380 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0846 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102931 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040380 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0846 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1511 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_7 | * | |
| microsoft | windows_8.1 | * | |
| microsoft | windows_rt_8.1 | * | |
| microsoft | windows_server_1709 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | * | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", matchCriteriaId: "232581CC-130A-4C62-A7E9-2EC9A9364D53", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", matchCriteriaId: "7519928D-0FF2-4584-8058-4C7764CD5671", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", matchCriteriaId: "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", matchCriteriaId: "197E82CB-81AF-40F1-A55C-7B596891A783", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:*:*:*:*:*:*:*:*", matchCriteriaId: "A38173B4-C5CA-472D-88BD-34094E290AC9", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", matchCriteriaId: "0C28897B-044A-447B-AD76-6397F8190177", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", matchCriteriaId: "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", matchCriteriaId: "80EB5690-B20F-457A-A202-FBADAA17E05C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", matchCriteriaId: "AF6437F9-6631-49D3-A6C2-62329E278E31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka \"Windows Common Log File System Driver Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0844.", }, { lang: "es", value: "El controlador Windows Common Log File System (CLFS) en Windows 7 SP1, Windows 8.1 y RT 8.1, Windows Server 2008 SP2 y R2 SP1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server, versión 1709 permite una vulnerabilidad de elevación de privilegios debido a la forma en la que se gestionan los objetos en la memoria. Esto también se conoce como \"Windows Common Log File System Driver Elevation Of Privilege Vulnerability\". El ID de este CVE es diferente de CVE-2018-0844.", }, ], id: "CVE-2018-0846", lastModified: "2024-11-21T03:39:04.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-15T02:29:02.967", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102931", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040380", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0846", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0846", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-10 13:29
Modified
2025-04-07 18:22
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
References
Impacted products
{ cisaActionDue: "2022-07-21", cisaExploitAdd: "2022-01-21", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft Win32k Privilege Escalation Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", matchCriteriaId: "542DAEEC-73CC-46C6-A630-BF474A3446AC", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", matchCriteriaId: "61019899-D7AF-46E4-A72C-D189180F66AB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*", matchCriteriaId: "E1DD582C-1660-4E6E-81A1-537BD1307A99", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*", matchCriteriaId: "AC160B20-3EA0-49A0-A857-4E7A1C2D74E2", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*", matchCriteriaId: "00345596-E9E0-4096-8DC6-0212F4747A13", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", matchCriteriaId: "2E332666-2E03-468E-BC30-299816D6E8ED", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*", matchCriteriaId: "53695559-6E95-43C1-AD7C-1D99473223C2", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*", matchCriteriaId: "37097C39-D588-4018-B94D-5EB87B1E3D5A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", matchCriteriaId: "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios en Windows cuando el componente Win32k no gestiona adecuadamente los objetos en la memoria. Esto también se conoce como \"Win32k Elevation of Privilege Vulnerability\". Esto afecta a Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 y Windows 10 Servers.", }, ], id: "CVE-2018-8453", lastModified: "2025-04-07T18:22:53.387", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2018-10-10T13:29:02.557", references: [ { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html", }, { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105467", }, { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041828", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453", }, { source: "secure@microsoft.com", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://securelist.com/cve-2018-8453-used-in-targeted-attack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153669/Microsoft-Windows-NtUserSetWindowFNID-Win32k-User-Callback.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041828", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://securelist.com/cve-2018-8453-used-in-targeted-attack", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-09 03:29
Modified
2025-04-08 15:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797 | Patch, Vendor Advisory |
Impacted products
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft Win32k Privilege Escalation Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*", matchCriteriaId: "A045AC0A-471E-444C-B3B0-4CABC23E8CFB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*", matchCriteriaId: "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*", matchCriteriaId: "B98DB3FF-CC3B-4E9F-A9CC-EC4C89AF3B31", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*", matchCriteriaId: "8733BF37-7BF2-409D-9452-DA8A92DA1124", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*", matchCriteriaId: "555C22C7-356D-4DA7-8CED-DA7423BBC6CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*", matchCriteriaId: "469F95D3-ABBB-4F1A-A000-BE0F6BD60FF6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*", matchCriteriaId: "D76003FB-EE99-4D8E-B6A0-B13C2041E5A0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*", matchCriteriaId: "40151476-C0FD-4336-8194-039E8827B7C8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "D82F8AF7-ED01-4649-849E-F248F0E02384", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*", matchCriteriaId: "C1CFB53B-B17B-47BD-BAC1-C6C5D168FFB6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", matchCriteriaId: "73D24713-D897-408D-893B-77A61982597D", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*", matchCriteriaId: "53695559-6E95-43C1-AD7C-1D99473223C2", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*", matchCriteriaId: "37097C39-D588-4018-B94D-5EB87B1E3D5A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.", }, { lang: "es", value: "Existe una escalada de privilegios en Windows cuando el componente Win32k no gestiona correctamente los objetos de la memoria, también conocido como 'Win32k Elevation of Privilege Vulnerability'. Este CVE ID es único de CVE-2019-0808.", }, ], id: "CVE-2019-0797", lastModified: "2025-04-08T15:59:36.357", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-04-09T03:29:00.763", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-15 17:29
Modified
2025-04-04 20:28
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105016 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041458 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105016 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041458 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_1703 | - | |
| microsoft | windows_10_1703 | - | |
| microsoft | windows_10_1709 | - | |
| microsoft | windows_10_1709 | - | |
| microsoft | windows_10_1803 | - | |
| microsoft | windows_10_1803 | - | |
| microsoft | windows_server_1709 | - | |
| microsoft | windows_server_1803 | - |
{ cisaActionDue: "2022-04-15", cisaExploitAdd: "2022-03-25", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft Windows Shell Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*", matchCriteriaId: "B98DB3FF-CC3B-4E9F-A9CC-EC4C89AF3B31", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*", matchCriteriaId: "8733BF37-7BF2-409D-9452-DA8A92DA1124", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*", matchCriteriaId: "469F95D3-ABBB-4F1A-A000-BE0F6BD60FF6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*", matchCriteriaId: "D76003FB-EE99-4D8E-B6A0-B13C2041E5A0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "D82F8AF7-ED01-4649-849E-F248F0E02384", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*", matchCriteriaId: "C1CFB53B-B17B-47BD-BAC1-C6C5D168FFB6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:x64:*", matchCriteriaId: "9EFB4440-2B6B-486F-94D4-7D9C80301E51", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "FD3218D1-BE39-4CEB-A88F-E715B722862B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka \"Windows Shell Remote Code Execution Vulnerability.\" This affects Windows 10 Servers, Windows 10.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código cuando Windows Shell no valida incorrectamente las rutas de archivo. Esto también se conoce como \"Windows Shell Remote Code Execution Vulnerability\". Esto afecta a Windows 10 Servers y Windows 10.", }, ], id: "CVE-2018-8414", lastModified: "2025-04-04T20:28:11.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2018-08-15T17:29:10.393", references: [ { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105016", }, { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041458", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041458", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-15 17:29
Modified
2025-04-10 16:56
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105011 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041461 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105011 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041461 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405 | Patch, Vendor Advisory |
Impacted products
{ cisaActionDue: "2022-04-18", cisaExploitAdd: "2022-03-28", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*", matchCriteriaId: "A045AC0A-471E-444C-B3B0-4CABC23E8CFB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*", matchCriteriaId: "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*", matchCriteriaId: "B98DB3FF-CC3B-4E9F-A9CC-EC4C89AF3B31", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*", matchCriteriaId: "8733BF37-7BF2-409D-9452-DA8A92DA1124", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*", matchCriteriaId: "469F95D3-ABBB-4F1A-A000-BE0F6BD60FF6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*", matchCriteriaId: "D76003FB-EE99-4D8E-B6A0-B13C2041E5A0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "D82F8AF7-ED01-4649-849E-F248F0E02384", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*", matchCriteriaId: "C1CFB53B-B17B-47BD-BAC1-C6C5D168FFB6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*", matchCriteriaId: "53695559-6E95-43C1-AD7C-1D99473223C2", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*", matchCriteriaId: "37097C39-D588-4018-B94D-5EB87B1E3D5A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando el controlador DirectX Graphics Kernel (DXGKRNL) gestiona incorrectamente los objetos en la memoria. Esto también se conoce como \"DirectX Graphics Kernel Elevation of Privilege Vulnerability\". Esto afecta a Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10 y Windows 10 Servers. El ID de este CVE es diferente de CVE-2018-8400, CVE-2018-8401 y CVE-2018-8406.", }, ], id: "CVE-2018-8405", lastModified: "2025-04-10T16:56:43.263", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2018-08-15T17:29:10.050", references: [ { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105011", }, { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041461", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-404", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-404", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-09 19:29
Modified
2025-03-31 21:03
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104030 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040848 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.exploit-db.com/exploits/44906/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104030 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040848 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44906/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
{ cisaActionDue: "2024-08-26", cisaExploitAdd: "2024-08-05", cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", cisaVulnerabilityName: "Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", matchCriteriaId: "542DAEEC-73CC-46C6-A630-BF474A3446AC", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", matchCriteriaId: "61019899-D7AF-46E4-A72C-D189180F66AB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*", matchCriteriaId: "E1DD582C-1660-4E6E-81A1-537BD1307A99", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*", matchCriteriaId: "AC160B20-3EA0-49A0-A857-4E7A1C2D74E2", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*", matchCriteriaId: "00345596-E9E0-4096-8DC6-0212F4747A13", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*", matchCriteriaId: "53695559-6E95-43C1-AD7C-1D99473223C2", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*", matchCriteriaId: "37097C39-D588-4018-B94D-5EB87B1E3D5A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", matchCriteriaId: "B320A104-9037-487E-BC9A-62B4A6B49FD0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in \"Microsoft COM for Windows\" when it fails to properly handle serialized objects, aka \"Microsoft COM for Windows Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en \"Microsoft COM for Windows\" cuando no gestiona correctamente objetos serializados. Esto también se conoce como \"Microsoft COM for Windows Remote Code Execution Vulnerability\". Esto afecta a Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 y Windows 10 Servers.", }, ], id: "CVE-2018-0824", lastModified: "2025-03-31T21:03:30.687", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2018-05-09T19:29:00.370", references: [ { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104030", }, { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040848", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824", }, { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/44906/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104030", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040848", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/44906/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-09 00:29
Modified
2025-04-08 15:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703 | Patch, Vendor Advisory |
Impacted products
{ cisaActionDue: "2022-06-13", cisaExploitAdd: "2022-05-23", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft Windows SMB Information Disclosure Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*", matchCriteriaId: "A045AC0A-471E-444C-B3B0-4CABC23E8CFB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*", matchCriteriaId: "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*", matchCriteriaId: "B98DB3FF-CC3B-4E9F-A9CC-EC4C89AF3B31", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*", matchCriteriaId: "8733BF37-7BF2-409D-9452-DA8A92DA1124", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*", matchCriteriaId: "555C22C7-356D-4DA7-8CED-DA7423BBC6CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*", matchCriteriaId: "40151476-C0FD-4336-8194-039E8827B7C8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", matchCriteriaId: "73D24713-D897-408D-893B-77A61982597D", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*", matchCriteriaId: "53695559-6E95-43C1-AD7C-1D99473223C2", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*", matchCriteriaId: "37097C39-D588-4018-B94D-5EB87B1E3D5A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", matchCriteriaId: "B320A104-9037-487E-BC9A-62B4A6B49FD0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.", }, { lang: "es", value: "Existe una vulnerabilidad de revelación de información en la forma en que Windows SMB Server maneja ciertas solicitudes, también conocida como Vulnerabilidad de revelación de información de Windows SMB. Este CVE ID es diferente de CVE-2019-0704 y CVE-2019-0821.", }, ], id: "CVE-2019-0703", lastModified: "2025-04-08T15:59:20.227", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-04-09T00:29:00.887", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-15 17:29
Modified
2025-04-04 20:27
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105012 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041461 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105012 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041461 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406 | Patch, Vendor Advisory |
Impacted products
{ cisaActionDue: "2022-04-18", cisaExploitAdd: "2022-03-28", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*", matchCriteriaId: "A045AC0A-471E-444C-B3B0-4CABC23E8CFB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*", matchCriteriaId: "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*", matchCriteriaId: "B98DB3FF-CC3B-4E9F-A9CC-EC4C89AF3B31", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*", matchCriteriaId: "8733BF37-7BF2-409D-9452-DA8A92DA1124", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*", matchCriteriaId: "469F95D3-ABBB-4F1A-A000-BE0F6BD60FF6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*", matchCriteriaId: "D76003FB-EE99-4D8E-B6A0-B13C2041E5A0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "D82F8AF7-ED01-4649-849E-F248F0E02384", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*", matchCriteriaId: "C1CFB53B-B17B-47BD-BAC1-C6C5D168FFB6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:x64:*", matchCriteriaId: "9EFB4440-2B6B-486F-94D4-7D9C80301E51", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "FD3218D1-BE39-4CEB-A88F-E715B722862B", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando el controlador DirectX Graphics Kernel (DXGKRNL) gestiona incorrectamente los objetos en la memoria. Esto también se conoce como \"DirectX Graphics Kernel Elevation of Privilege Vulnerability\". Esto afecta a Windows Server 2016, Windows 10 y Windows 10 Servers. El ID de este CVE es diferente de CVE-2018-8400, CVE-2018-8401 y CVE-2018-8405.", }, ], id: "CVE-2018-8406", lastModified: "2025-04-04T20:27:34.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2018-08-15T17:29:10.157", references: [ { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105012", }, { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041461", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-404", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-404", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-12 14:29
Modified
2025-04-03 21:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064 | Patch, Vendor Advisory |
Impacted products
{ cisaActionDue: "2022-04-05", cisaExploitAdd: "2022-03-15", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*", matchCriteriaId: "B98DB3FF-CC3B-4E9F-A9CC-EC4C89AF3B31", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*", matchCriteriaId: "8733BF37-7BF2-409D-9452-DA8A92DA1124", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*", matchCriteriaId: "555C22C7-356D-4DA7-8CED-DA7423BBC6CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*", matchCriteriaId: "469F95D3-ABBB-4F1A-A000-BE0F6BD60FF6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*", matchCriteriaId: "D76003FB-EE99-4D8E-B6A0-B13C2041E5A0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*", matchCriteriaId: "40151476-C0FD-4336-8194-039E8827B7C8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "D82F8AF7-ED01-4649-849E-F248F0E02384", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*", matchCriteriaId: "C1CFB53B-B17B-47BD-BAC1-C6C5D168FFB6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", matchCriteriaId: "73D24713-D897-408D-893B-77A61982597D", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:arm64:*", matchCriteriaId: "9E1ED169-6F03-4BD5-B227-5FA54DB40AD7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x64:*", matchCriteriaId: "5C5B5180-1E12-45C2-8275-B9E528955307", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x86:*", matchCriteriaId: "B6A0DB01-49CB-4445-AFE8-57C2186857BA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:x64:*", matchCriteriaId: "9EFB4440-2B6B-486F-94D4-7D9C80301E51", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "FD3218D1-BE39-4CEB-A88F-E715B722862B", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:x64:*", matchCriteriaId: "FFE3495D-291C-46B6-B758-23E16A53A7C3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando Windows AppX Deployment Service (AppXSVC) maneja incorrectamente los enlaces físicos, también se conoce como 'Windows Elevation of Privilege Vulnerability'.", }, ], id: "CVE-2019-1064", lastModified: "2025-04-03T21:01:45.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-06-12T14:29:04.273", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-59", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-08 21:29
Modified
2025-04-04 20:30
Severity ?
Summary
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106408 | Broken Link, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.exploit-db.com/exploits/46156/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106408 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46156/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
{ cisaActionDue: "2022-04-05", cisaExploitAdd: "2022-03-15", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft Windows Privilege Escalation Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*", matchCriteriaId: "A045AC0A-471E-444C-B3B0-4CABC23E8CFB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*", matchCriteriaId: "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", matchCriteriaId: "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", matchCriteriaId: "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*", matchCriteriaId: "B98DB3FF-CC3B-4E9F-A9CC-EC4C89AF3B31", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*", matchCriteriaId: "8733BF37-7BF2-409D-9452-DA8A92DA1124", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*", matchCriteriaId: "555C22C7-356D-4DA7-8CED-DA7423BBC6CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*", matchCriteriaId: "40151476-C0FD-4336-8194-039E8827B7C8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "D82F8AF7-ED01-4649-849E-F248F0E02384", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*", matchCriteriaId: "C1CFB53B-B17B-47BD-BAC1-C6C5D168FFB6", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", matchCriteriaId: "73D24713-D897-408D-893B-77A61982597D", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", matchCriteriaId: "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", matchCriteriaId: "345FCD64-D37B-425B-B64C-8B1640B7E850", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:x64:*", matchCriteriaId: "9EFB4440-2B6B-486F-94D4-7D9C80301E51", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:x64:*", matchCriteriaId: "FD3218D1-BE39-4CEB-A88F-E715B722862B", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", matchCriteriaId: "B320A104-9037-487E-BC9A-62B4A6B49FD0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka \"Microsoft Windows Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.", }, { lang: "es", value: "Existe un escalado de privilegios cuando Windows gestiona indebidamente las peticiones de autenticación. Esto también se conoce como \"Microsoft Windows Elevation of Privilege Vulnerability\". Esto afecta a Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 y Windows 10 Servers.", }, ], id: "CVE-2019-0543", lastModified: "2025-04-04T20:30:18.077", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-08T21:29:00.517", references: [ { source: "secure@microsoft.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106408", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543", }, { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46156/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106408", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46156/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-287", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-10 13:29
Modified
2024-11-21 04:13
Severity ?
Summary
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105456 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041843 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105456 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041843 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", matchCriteriaId: "542DAEEC-73CC-46C6-A630-BF474A3446AC", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", matchCriteriaId: "61019899-D7AF-46E4-A72C-D189180F66AB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*", matchCriteriaId: "E1DD582C-1660-4E6E-81A1-537BD1307A99", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*", matchCriteriaId: "AC160B20-3EA0-49A0-A857-4E7A1C2D74E2", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*", matchCriteriaId: "00345596-E9E0-4096-8DC6-0212F4747A13", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", matchCriteriaId: "C936FD4F-959C-43B8-9917-E2A0DF4A8793", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", matchCriteriaId: "DF8ABB14-84CF-4BBC-99C9-DA6C0F7A0619", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:rt:*:*:*", matchCriteriaId: "D01999BB-2CD6-4C84-A518-3A3BB78F1105", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*", matchCriteriaId: "53695559-6E95-43C1-AD7C-1D99473223C2", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*", matchCriteriaId: "37097C39-D588-4018-B94D-5EB87B1E3D5A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka \"Windows TCP/IP Information Disclosure Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.", }, { lang: "es", value: "Existe una vulnerabilidad de divulgación de información cuando la pila TCP/IP de Windows gestiona incorrectamente los paquetes IP fragmentados. Esto también se conoce como \"Windows TCP/IP Information Disclosure Vulnerability\". Esto afecta a Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10 y Windows 10 Servers.", }, ], id: "CVE-2018-8493", lastModified: "2024-11-21T04:13:56.843", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-10T13:29:04.073", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105456", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041843", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041843", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }