CVE-2023-36036

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 3 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

1.38%

probability

This CVE has a 1.38% probability of being exploited in the next 30 days.

0% Top 80.5th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Cloud Files Mini Filter Driver Elevation of Privilege

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-122 · Heap-based Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write CWE-788 · Access of Memory Past End of Buffer

Google Project Zero

Patched

Nov. 14, 2023

Reported by

Microsoft Threat Intelligence Microsoft Security Response Center

Root Cause Analysis

???

Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws

BleepingComputer Nov 14, 2023

Microsoft and Adobe Patch Tuesday, November 2023 Security Update Review

Qualys Nov 14, 2023

Security Advisory 2023-090

CERT-EU Nov 20, 2023

Signal Intelligence

Confidenceⓘ

78%

EPSS 1.38%

Mentions 3

Last Seen Nov 20, 2023

CNA Information

Analyst Note

CVE-2023-36036 is confirmed as a legitimate Windows elevation of privilege vulnerability with a HIGH CVSS score (7.8) affecting Windows 10. The vulnerability is documented in Google Project Zero and referenced in CERT-EU security advisory, providing credible third-party validation despite limited public articles and absence from CISA KEV list.

Threat Actors 1

AridViper

apt_group Information theft and espionage 🇵🇸 PS

Triage Info

Decided atMar 03, 2026