Moderate
CVE-2018-0952
Description
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka “Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.
Ratings
- Attacker Value: Medium
- Exploitability: High
Technical Analysis
This vulnerability leverages a TOCTOU vulnerability in the “Standard Collector Service” used by Visual Studio. If an attacker can change the contents of an ETL file by winning a race condition, the file can then be written to an arbitrary location using a symlink. This can then be used to load an attacker-controlled DLL into another process.
General Information
Vendors
- Microsoft
Products
- Windows Server 2016
- Windows 10
- Microsoft Visual Studio
- Windows 10 Servers