cve-2018-8314
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:54
Severity
Summary
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313.
References
| Source | URL | Tags |
|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104652 | Third Party Advisory, VDB Entry |
| secure@microsoft.com | http://www.securitytracker.com/id/1041263 | Third Party Advisory, VDB Entry |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314 | Patch, Vendor Advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:35.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314"
},
{
"name": "1041263",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041263"
},
{
"name": "104652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows 7",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
}
]
},
{
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows RT 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Windows RT 8.1"
}
]
},
{
"product": "Windows Server 2008",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
},
{
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "(Server Core installation)"
}
]
},
{
"product": "Windows 8.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit systems"
},
{
"status": "affected",
"version": "x64-based systems"
}
]
},
{
"product": "Windows Server 2008 R2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
},
{
"product": "Windows 10",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "x64-based Systems"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka \"Windows Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314"
},
{
"name": "1041263",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041263"
},
{
"name": "104652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104652"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka \"Windows Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314"
},
{
"name": "1041263",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041263"
},
{
"name": "104652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104652"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8314",
"datePublished": "2018-07-11T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:35.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-8314\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-07-11T00:29:02.290\",\"lastModified\":\"2019-10-03T00:03:26.223\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka \\\"Windows Elevation of Privilege Vulnerability.\\\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando Windows no realiza una comprobaci\u00f3n, lo que permite un escape del sandbox. Esto tambi\u00e9n se conoce como \\\"Windows Elevation of Privilege Vulnerability\\\". Esto afecta a Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2 y Windows 10. El ID de este CVE es diferente de CVE-2018-8313.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:itanium:*:*:*\",\"matchCriteriaId\":\"E0350AF7-6940-4C85-B0E4-2BC5338661B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36559BC0-44D7-48B3-86FF-1BFF0257B5ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*\",\"matchCriteriaId\":\"9AFAE529-A356-4526-8487-D6CA37696219\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104652\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041263\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
Loading...