Published: 04/01/2018 Updated: 03/10/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Windows Server 2012

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows server 2012 r2
microsoft windows server 2016 -
microsoft windows server 2016 1709
microsoft windows 10 -
microsoft windows 10 1511
microsoft windows 10 1607
microsoft windows 10 1703
microsoft windows 8.1 -
microsoft windows 10 1709
microsoft windows server 2012 -

Windows: NtImpersonateAnonymousToken LPAC to Non-LPAC EoP Platform: Windows 10 1703 and 1709 (not tested Windows 8x) Class: Elevation of Privilege Summary: When impersonating the anonymous token in an LPAC the WIN://NOAPPALLPKG security attribute is ignored leading to impersonating a non-LPAC token leading to EoP Description: When running in ...

CWE-732 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0752 http://www.securitytracker.com/id/1040095 http://www.securityfocus.com/bid/102360 https://www.exploit-db.com/exploits/43516/https://nvd.nist.gov https://www.exploit-db.com/exploits/43516/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-0752

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect