Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2018-8611

Published: 12/12/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2008 r2

microsoft windows server 2008 -

microsoft windows 8.1 -

microsoft windows server 2016 1709

microsoft windows server 2012 -

microsoft windows 7 -

microsoft windows 10 1607

microsoft windows server 2019 -

microsoft windows 10 1703

microsoft windows 10 1709

microsoft windows 10 1803

microsoft windows 10 1809

microsoft windows server 2016 -

microsoft windows server 2016 1803

microsoft windows server 2012 r2

microsoft windows rt 8.1 -

microsoft windows 10 -

Github Repositories

https://github.com/nccgroup/idahunt

idahunt is a framework to analyze binaries with IDA Pro and hunt for things in IDA Pro

Overview Requirements Features Scripting Usage Simulate without executing Initial analysis Execute IDA Python script Binary diffing Requirements Initial analysis Diffing files Diffing a function Filters Architecture detection Target-specific Known projects using idahunt Overview idahunt is a framework to analyze binaries with IDA Pro and hunt for things in IDA Pro

Recent Articles

The fourth horseman: CVE-2019-0797 vulnerability
Securelist • Vasily Berdnikov Boris Larin • 13 Mar 2019

In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. The company confirmed the vulnerability and assigned it CVE-2019-0797. Microsoft have just released a patch, crediting Kaspersky Lab researchers Vasiliy Berdnikov and Boris Larin with the discovery: Thi...

Read more...
Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)
Securelist • Boris Larin Vladislav Stolyarov Anton Ivanov • 12 Dec 2018

In October 2018, our AEP (Automatic Exploit Prevention) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. We reported it to Microsoft on October 29, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8611. Microsoft just released a patch, part of its December update, crediting Kaspersky Lab researchers Boris Larin (Oct0xor) and Igor Soumenkov (2igosha) ...

Read more...

References

CWE-404https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611http://www.securityfocus.com/bid/106082https://nvd.nist.govhttps://github.com/nccgroup/idahunthttps://www.kb.cert.org/vuls/id/289907
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook