Vulnerabilities > CVE-2018-1038 - Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Exploit-Db
description | Microsoft Windows - Local Privilege Escalation. CVE-2018-1038. Local exploit for Windows platform |
file | exploits/windows/local/44581.c |
id | EDB-ID:44581 |
last seen | 2018-05-24 |
modified | 2018-04-24 |
platform | windows |
port | |
published | 2018-04-24 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/44581/ |
title | Microsoft Windows - Local Privilege Escalation |
type | local |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS18_MAR_4100480.NASL |
description | The remote Windows host is missing security update 4100480. It is, therefore, affected by an elevation of privilege vulnerability that exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 108757 |
published | 2018-03-30 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/108757 |
title | KB4100480: Windows Kernel Elevation of Privilege Vulnerability |
code |
|
The Hacker News
id | THN:7354CA31230FA4D48BE905015B9C3B76 |
last seen | 2018-03-31 |
modified | 2018-03-31 |
published | 2018-03-29 |
reporter | Swati Khandelwal |
source | https://thehackernews.com/2018/03/microsofts-meltdown-vulnerability.html |
title | Microsoft's Meltdown Patch Made Windows 7 PCs More Insecure |