CVE-2018-8120
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- March 14, 2018
- Published Date
- May 09, 2018
- Last Updated
- February 07, 2025
- Vendor
- Microsoft
- Product
- Windows Server 2008, Windows 7, Windows Server 2008 R2
- Description
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-15 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms18_8120_win32k_privesc.rb | 2025-04-29 11:01:41 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
ms18_8120_win32k_privesc
Type: metasploit • Created: Unknown
StartZYP/CVE-2018-8120
Type: github • Created: 2020-08-27 07:10:34 UTC • Stars: 0
qiantu88/CVE-2018-8120
Type: github • Created: 2018-12-19 10:58:55 UTC • Stars: 0
ozkanbilge/CVE-2018-8120
Type: github • Created: 2018-08-16 10:51:00 UTC • Stars: 1
EVOL4/CVE-2018-8120
Type: github • Created: 2018-07-11 02:41:16 UTC • Stars: 2
alpha1ab/CVE-2018-8120
Type: github • Created: 2018-06-07 08:30:07 UTC • Stars: 293
rip1s/CVE-2018-8120
Type: github • Created: 2018-05-19 02:43:15 UTC • Stars: 497