CVE-2018-8120

CVE Database · CVE-2018-8120

CVE-2018-8120

· HIGHAnalyzed

CVSS v3.1

7.0

EPSS

73.72%

Published

May 9, 2018

Modified

Oct 28, 2025

CISA Known Exploited Vulnerability

Added: 2022-03-15 · Due: 2022-04-05

Apply updates per vendor instructions.

Public PoC / Exploit (10)

All weaponized →

Exploit-DBMicrosoft Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)TrickestTrickest PoC index GitHub PoCrip1s/CVE-2018-8120★498 GitHub PoCalpha1ab/CVE-2018-8120★292 GitHub PoCbigric3/cve-2018-8120★164 GitHub PoCne1llee/cve-2018-8120★5 GitHub PoCEVOL4/CVE-2018-8120★1 GitHub PoCozkanbilge/CVE-2018-8120★1 GitHub PoCqiantu88/CVE-2018-8120★0 GitHub PoCY0n0Y/cve-2018-8120-exp★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-404CWE-404

Affected Products (4)

microsoft · windows_7vulnerable

microsoft · windows_server_2008vulnerable

References (9)

http://www.securityfocus.com/bid/104034

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040849

Broken LinkThird Party AdvisoryVDB Entry