CVE-2018-8120
CVE-2018-8120
In short
A flaw in Windows' graphics system (Win32k) allows a regular user to gain administrative privileges by exploiting improper memory handling. This is dangerous because attackers can take full control of affected computers.
Technical detail
An elevation of privilege vulnerability in the Win32k component stemming from improper object memory handling allows an authenticated local attacker to execute arbitrary code with system privileges. The attack requires local access and successful exploitation results in complete system compromise; this vulnerability affects Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Summary generated and translated by AI from the official description.
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Microsoft · Windows 7Microsoft · Windows Server 2008Microsoft · Windows Server 2008 R2public PoCs found — 12
githubgithub.com/rip1s/CVE-2018-8120★ 498githubgithub.com/alpha1ab/CVE-2018-8120★ 293githubgithub.com/bigric3/cve-2018-8120★ 164githubgithub.com/ne1llee/cve-2018-8120★ 5githubgithub.com/ozkanbilge/CVE-2018-8120★ 1githubgithub.com/EVOL4/CVE-2018-8120★ 1githubgithub.com/Y0n0Y/cve-2018-8120-exp★ 0githubgithub.com/StartZYP/CVE-2018-8120★ 0githubgithub.com/wikiZ/cve-2018-8120★ 0githubgithub.com/qiantu88/CVE-2018-8120★ 0exploitdbwww.exploit-db.com/exploits/45653unverifiedcve_referencewww.exploit-db.com/exploits/45653/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →