CVE-2018-8611

ENISA EUVD: EUVD-2018-20226 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 3 articles

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

16.37%

probability

This CVE has a 16.37% probability of being exploited in the next 30 days.

0% Top 94.9th percentile of all CVEs 100%

CVSS v3.1

Source: NVD

7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Project Zero

Race condition in kernel transaction manager

Affected Products

Attack Intelligence

CWE-404 · Improper Resource Shutdown CWE-664 · Improper Control of a Resource Through its Lifetime

Google Project Zero

Discovered

Oct. 29, 2018

Patched

Dec. 11, 2018

Reported by

Boris Larin (Oct0xor) & Igor Soumenkov (2igosha) of Kaspersky Lab

Root Cause Analysis

???

Exploits & PoC

lsw29475/CVE-2018-8611

PoC CVE-2018-8611 — lsw29475/CVE-2018-8611

1 repo — triés par ⭐ Rechercher sur GitHub ↗

Patched Windows Zero-Day Provided Full Control Over Vulnerable Systems

BleepingComputer Apr 15, 2019

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack

TheHackerNews

December 2018 Patch Tuesday – 39 Vulns, Workstation Patches, Adobe Vulns

Qualys Dec 11, 2018

Signal Intelligence

Confidenceⓘ

95%

EPSS 16.37%

CVSS v3.1 7.8

Mentions 3

Last Seen Apr 15, 2019

CNA Information

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026