CVE-2018-8120
ENISA EUVD: EUVD-2018-19796 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
4 articles
Published: 2018-05-09
EPSS Score
Source: FIRST.org · 2026-05-23
94.15%
probability
This CVE has a 94.15% probability
of being exploited in the next 30 days.
0%
Top 99.9th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)7
HIGH
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2 (legacy)
7.2
HIGH
Access Vector
Local
Access Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:L/AC:L/Au:N/C:C/I:C/A:C
Description
VulnerabilityLookup (CNA)An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
Affected Products
Microsoft
Windows Server 2008
32-bit Systems Service Pack 2
32-bit Systems Service Pack 2 (Server Core installation)
Itanium-Based Systems Service Pack 2
x64-based Systems Service Pack 2
x64-based Systems Service Pack 2 (Server Core installation)
Microsoft
Windows 7
32-bit Systems Service Pack 1
x64-based Systems Service Pack 1
Microsoft
Windows Server 2008 R2
Itanium-Based Systems Service Pack 1
x64-based Systems Service Pack 1
x64-based Systems Service Pack 1 (Server Core installation)
Attack Intelligence
Google Project Zero
Patched
May 8, 2018
Reported by
Anton Cherepanov, Senior Malware Researcher of ESET
Root Cause Analysis
???
Exploits & PoC
rip1s/CVE-2018-8120
CVE-2018-8120 Windows LPE exploit
499
2018-05-30
alpha1ab/CVE-2018-8120
CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7
293
2018-08-08
164
2018-05-18
5
2018-06-05
1
2018-08-10
ozkanbilge/CVE-2018-8120
CVE-2018-8120 Windows LPE exploit
1
2018-08-16
0
2018-12-19
0
2019-07-20
StartZYP/CVE-2018-8120
This CVE-2018-8120 File
0
2020-08-28
0
2020-11-30
10 repos — triés par ⭐
Rechercher sur GitHub ↗
https://www.exploit-db.com/exploits/45653/
exploit
x_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1040849
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/104034
vdb-entry
x_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120
x_refsource_CONFIRM
Signal Intelligence
Confidence
95%
EPSS
94.15%
CVSS v3.1
7
Mentions
4
Last Seen
May 15, 2018
CNA Information
CNA Assigner
microsoft
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Threat Actors 2
Cobalt
apt_group
Financial crime
🇷🇺 RU
Earth Lamia
apt_group
Information theft and espionage
🇨🇳 CN
Triage Info
Decided atMar 05, 2026
Published DateMay 09, 2018