Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2018-0952

Published: 15/08/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 726
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft visual studio 2015 -

microsoft visual studio 2017 -

microsoft windows 10 1803

microsoft windows server 2016 -

microsoft windows server 2016 1709

microsoft windows server 2016 1803

microsoft windows 10 -

microsoft windows 10 1703

microsoft visual studio 2017 15.8

microsoft windows 10 1607

microsoft windows 10 1709

Exploits

Exploit DB: Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation
SystemCollector PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service Affected Products Windows 10 Windows Server Windows Server 2016 Visual Studio 2015 Update 3 Visual Studio 2017 Summary The Diagnostics Hub Packaging library, used by Windows Standard Collector Service, can be forced to copy an arbitrary file to an ...

Github Repositories

https://github.com/atredispartners/CVE-2018-0952-SystemCollector

PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service

SystemCollector PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service Affected Products Windows 10 Windows Server Windows Server 2016 Visual Studio 2015 Update 3 Visual Studio 2017 Summary The Diagnostics Hub Packaging library, used by Windows Standard Collector Service, can be forced to copy an arbitrary file to an arbitrary location due to la

https://github.com/L1ves/windows-pentesting-resources

windows-pentesting-resources Windows Pentesting Resources  : Fun with LDAP, Kerberos (and MSRPC) in AD Environments speakerdeckcom/ropnop/fun-with-ldap-kerberos-and-msrpc-in-ad-environments From XML External Entity to NTLM Domain Hashes techblogmediaservicenet/2018/02/from-xml-external-entity-to-ntlm-domain-hashes/ Windows Privilege Escalation Guide

References

NVD-CWE-noinfohttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952http://www.securitytracker.com/id/1041466http://www.securityfocus.com/bid/105048https://www.exploit-db.com/exploits/45244/https://nvd.nist.govhttps://github.com/atredispartners/CVE-2018-0952-SystemCollectorhttps://www.exploit-db.com/exploits/45244/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook