Attacker Value
High
(3 users assessed)
Exploitability
High
(3 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2018-8453

Disclosure Date: October 10, 2018 Last updated February 13, 2020
Exploited in the Wild
Reported by gwillcox-r7
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory” – MITRE description.

Add Assessment

1
Ratings
  • Exploitability
    High
Technical Analysis

The handling of objects in memory allowed for a double-free of a memory region, which could be used to escalate privileges on a local system. See MSRC link for vulnerable versions and patch information.

The https://github.com/ze0r/cve-2018-8453-exp PoC for x86 systems successfully worked for me on Win10 x86 systems. The x64 version did not work for me though.

Log in to Add Reply
1
Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

Log in to Add Reply

General Information

Offensive Application
post
Utility Class
privesc
Ports
Unknown
OS
Windows
Vulnerable Versions
Windows Server 2019
Windows Server 2012
Windows 10 Servers
Windows 7
Windows Server 2016
Windows Server 2012 R2
Windows 10
Windows Server 2008
Windows Server 2008 R2
Windows RT 8.1
Windows 8.1
Prerequisites
Unknown
Discovered By
Kaspersky Lab
PoC Author
ze0r (Github username)
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Always
Exploitable
Always
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Large
Patch Effectiveness
Unknown
Technical Analysis