CVE-2018-8120

Published: 09/05/2018 Updated: 28/02/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 735
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.

Affected Products

Vendor | Product | Versions
Microsoft | Windows 7 | -
Microsoft | Windows Server 2008 | -, R2

Vendor Advisories

Summary: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user right ...

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Local
  Rank = GoodRanking
  include Msf::Post::File
  include Msf::Exploit::EXE
  include Msf::Post::Windows::Priv
  include Msf::Exploit::FileDropper
  def initiali ...

Mailing Lists

This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

Github Repositories

CVE-2018-8120 CVE-2018-8120 Windows LPE exploit. Supports both x32 and x64. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 x64. Usage: CVE-2018-8120 exploit by @unamer (github.com/unamer). Usage: exp.exe command. Example: exp.exe "net user admin admin /ad". Caution: Please exclude shellcode.asm if you wanna compile x32 version. Reference h

CVE-2018-8120 CVE-2018-8120 Windows LPE exploit. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64, WinXP x32, Win2003 x32, Win2003 x64. The original exploit does not support XP or 2003; the current code adds support for these two systems on top of the original. Usage: CVE-2018-8120 exploit by @Topsec_Alpha_lab (github.com/alpha1ab). Usage: expe

CVE-2018-8120 CVE-2018-8120 POC

CVE-2018-8120 win7 x64. Reference: github.com/unamer/CVE-2018-8120 github.com/FuzzySecurity/PSKernel-Primitives

CVE-2018-8120 CVE-2018-8120 Windows LPE exploit. Supports both x32 and x64. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64. Usage: CVE-2018-8120 exploit by @unamer (github.com/unamer). Usage: exp.exe command. Example: exp.exe "net user admin admin /ad". Caution: Please exclude shellcode.asm if you wanna

cve-2018-8120 Details see: bigric3.blogspot.com/2018/05/cve-2018-8120-analysis-and-exploit.html

Security-Toolkit 1. Privilege escalation: 1. juicy-potato. References: github.com/ohpe/juicy-potato www.freebuf.com/column/181549.html 2. ALPC-EXP. References: hunter2.gitbook.io/darthsidious/privilege-escalation/alpc-bug-0day www.ggsec.cn/ALPC-EXP.html 3. CVE-2018-8120. Targets: win7, win2008. References

CVE-2018-8120

Magic Blogs and websites. Exploits: xiaodaozhi.com/exploit/156.html (CVE-2018-8120) Code: github.com/unamer/CVE-2018-8120

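Web-Security-Note Record some common Web security sites. Because the articles I have read and the good open-source projects I have come across are gradually being forgotten, I use this project to record them for easy reference. Contents: CTF, Online-Tools, Vulnerable environments, Information gathering, Tools, Interview experiences, BypassWAF, Web security, Vulnerability discovery, Internal network penetration, Scanner development, Development, Operations. CTF: CTF Time, Pwnhub, CTF_论剑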

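Web-Security-Note Record some common Web security sites. Because the articles I have read and the good open-source projects I have come across are gradually being forgotten, I use this project to record them for easy reference. Contents: CTF, Online-Tools, Vulnerable environments, Information gathering, Tools, Interview experiences, BypassWAF, Web security, Vulnerability discovery, Internal network penetration, Development, Operations. CTF: CTF Time, Pwnhub, CTF_论剑场, 南京邮电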

Tool. Information gathering: GitHack github.com/lijiejie/GitHack. Packet capture tools: Burpsuite. Scanning tools: dirsearch github.com/maurosoria/dirsearch, subDomainsBrute github.com/lijiejie/subDomainsBrute, w9scan github.com/boy-hack/w9scan, F-NAScan github.com/ywolf/F-NAScan, HScan, nbtscan www

Privilege-escalation vulnerability lookup table. The table below can help fill gaps in experience during privilege escalation. Operating System Description Security Bulletin KB Exploit Windows Server 2016 Windows Kernel Mode Drivers MS16-135 3199135 Exploit Github Windows Server 2008 ,7,8,10 Windows Server 2012 Secondary Logon Handle MS16-032 3143141 GitHub ExploitDB Metasploit Win7 x32, Win7 x

Exp: Exploit collection area. Information disclosure: SVN github.com/anantshri/svn-extractor, GIT github.com/lijiejie/GitHack, BBScan github.com/lijiejie/BBScan. Android online scanning: www.appscan.io/ Security testing books: wizardforcel.gitbooks.io/web-hacking-101/content/ Web Hacking 101 (Chinese edition), wizardforcel.gitbooks.io/asani/content/ 浅入浅出Andro

windows-kernel-exploits Introduction: windows-kernel-exploits. Vulnerability list: #Security Bulletin #KB #Description #Operating System MS17-017 [KB4013081] [GDI Palette Objects Local Privilege Escalation] (windows 7/8) CVE-2017-8464 [LNK Remote Code Execution Vulnerability] (windows 10/8.1/7/2016/2

cve-study-write

windows-kernel-exploits Introduction: windows-kernel-exploits. Vulnerability list: #Security Bulletin #KB #Description #Operating System CVE-2018-8639 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016) CVE-2018-1

HolicPOC POC and exploitation of vulnerabilities CVE ID Platform Module CVE-2015-2546 Windows win32k CVE-2016-0165 Windows win32k CVE-2016-0167 Windows win32k CVE-2017-0101CVE-2018-0817 Windows win32k CVE-2017-0263 Windows win32k CVE-2018-8120 Windows win32k

awesome-cpp A curated list of awesome C++ frameworks, libraries and software BVLC/caffe - Caffe: a fast open framework for deep learning grpc/grpc - The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#) cmderdev/cmder - Lovely console emulator package for Windows Microsoft/CNTK - Microsoft Cognitive Toolkit (CNTK), an open source deep-learning toolkit MisterBooo/LeetCod

Awesome Hacking. Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command. You can checkout all the tools with the following command: git clone --recursive github.com/jekil/awesome-hack

CVE-MyLife CVE in My Life! A little adventure in the world! List CVE: CVE-2016-2098: Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. CVE-2016-3345: The SMBv1 server in Microsoft Windows Vista SP2, Windows

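Project introduction: information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (then establishing persistence on that basis), and cleaning up traces. Security-related resource list: arxiv.org Cornell University open documents; github.com/sindresorhus/awesome the awesome series; www.owasp.org.cn/ow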

Awesome CVE PoC. A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
Threatpost • Tara Seals • 13 May 2019

The ScarCruft Korean-speaking APT is changing up its espionage tactics to include an unusual piece of malware devoted to harvesting Bluetooth information – while also showing some overlap with the DarkHotel APT.
An analysis of ScarCruft’s binary infection procedure by Kaspersky Lab shows that in a campaign that continued over the course of 2018, the group used a multi-stage process to update each of its malware modules effectively while also evading detection.
The researchers sai...

ScarCruft continues to evolve, introduces Bluetooth harvester
Securelist • GReAT • 13 May 2019

After publishing our initial series of blogposts back in 2016, we have continued to track the ScarCruft threat actor. ScarCruft is a Korean-speaking and allegedly state-sponsored threat actor that usually targets organizations and companies with links to the Korean peninsula. The threat actor is highly skilled and, by all appearances, quite resourceful.
We recently discovered some interesting telemetry on this actor, and decided to dig deeper into ScarCruft’s recent activity. This shows ...

IT threat evolution Q2 2018. Statistics
Securelist • Victor Chebyshev, Fedor Sinitsyn, Denis Parinov, Alexander Liskin, Oleg Kupreev • 06 Aug 2018

According to KSN:
In Q2 2018, Kaspersky Lab detected 1,744,244 malicious installation packages, which is 421,666 packages more than in the previous quarter.

Among all the threats detected in Q2 2018, the lion’s share belonged to potentially unwanted RiskTool apps (55.3%); compared to the previous quarter, their share rose by 6 p.p. Members of the RiskTool.AndroidOS.SMSreg family contributed most to this indicator.
Second place was taken by Trojan-Dropper threats (13%),...

Signal bugs, car hack antics, the Adobe flaw you may have missed, and much more
The Register • Shaun Nichols in San Francisco • 19 May 2018

EFF wins another privacy battle, ICE chips off AI spy plan

Roundup Here's your guide to this week's infosec news beyond what we've already covered.
US Customs won't be getting their massive terror predicting system after all. It's reported that America's immigration cops – ICE – have abandoned its call for the development of an artificially intelligent tool that would be able to predict whether a person entering the country was secretly a terrorist, based on social networking activity.
We're told it wasn't outcry over human rights or privac...

Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers
BleepingComputer • Catalin Cimpanu • 15 May 2018

An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they've uploaded a weaponized PDF file to a public malware scanning engine.
The zero-days were spotted by security researchers from Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, which in turn, had them patched within two months.
Anton Cherepanov, the ESET researcher who spotted the zero-days hidden inside the sea of malware samples, believes he caught th...

It's 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V
The Register • Chris Williams, Editor in Chief • 09 May 2018

Scores of bugs, from Edge and Office to kernel code to Adobe Flash, need fixing ASAP

Patch Tuesday Microsoft and Adobe have patched a bunch of security bugs in their products that can be exploited by hackers to commandeer vulnerable computers, siphon people's personal information, and so on.
Redmond emitted 68 patches alone, 21 rated critical and at least two being actively exploited in the wild. There are browser and kernel patches you should look into first, check out an Office 365 email filter bypass that isn't addressed, then Hyper-V if you're using that, and then the ...

May Patch Tuesday Fixes Two Bugs Under Active Attack
Threatpost • Tom Spring • 08 May 2018

Microsoft’s May Patch Tuesday fixes include two critical remote code-execution vulnerabilities, both of which are under active attack.
The most serious of the two is tied to a Windows 10 VBScript engine and can be triggered when a victim visits a malicious website.
“A user need only visit a malicious website to have attacker-control code execute on their machine,” according to Microsoft’s description of the bug (CVE-2018-8174). The flaw could also be used in conjunction with ...

Microsoft May 2018 Patch Tuesday Fixes 67 Security Issues, Including IE Zero-Day
BleepingComputer • Catalin Cimpanu • 08 May 2018

Microsoft published earlier today the Patch Tuesday security bulletin for May 2018, containing fixes for 67 security issues.
This month, Microsoft fixed security flaws in Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, .NET Framework, Microsoft Exchange Server, Windows Host Compute Service Shim, and Microsoft Office and Microsoft Office Services and Web Apps.
The biggest issue patched this month is a zero-day in Internet Explorer that has been abused by a cyber-espi...