{"api_version":"1","generated_at":"2026-06-23T10:04:11+00:00","cve":"CVE-2018-8120","urls":{"html":"https://cve.report/CVE-2018-8120","api":"https://cve.report/api/cve/CVE-2018-8120.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8120","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8120"},"summary":{"title":"CVE-2018-8120","description":"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2018-05-09 19:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-404"],"metrics":[],"references":[{"url":"https://www.exploit-db.com/exploits/45653/","name":"45653","refsource":"EXPLOIT-DB","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Microsoft Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit) - Windows local Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104034","name":"104034","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8120 Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1040849","name":"1040849","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Windows Kernel Multiple Flaws Let Local Users Bypass Security Restictions, Obtain Potentially Sensitive Information, and Gain Elevated Privileges on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8120","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8120","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8120","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_7","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8120","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_7","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8120","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8120","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"r2","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"itanium","cpe13":"*"},{"cve_year":"2018","cve_id":"8120","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"r2","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2018","cve_id":"8120","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8120","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"r2","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"itanium","cpe13":"*"},{"cve_year":"2018","cve_id":"8120","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"r2","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2018","cve_id":"8120","cve":"CVE-2018-8120","vendorProject":"Microsoft","product":"Win32k","vulnerabilityName":"Microsoft Win32k Privilege Escalation Vulnerability","dateAdded":"2022-03-15","shortDescription":"A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-04-05","knownRansomwareCampaignUse":"Known","notes":"https://nvd.nist.gov/vuln/detail/CVE-2018-8120","cwes":"CWE-404","catalogVersion":"2026.06.18","updated_at":"2026-06-18 16:51:30"},"epss":{"cve_year":"2018","cve_id":"8120","cve":"CVE-2018-8120","epss":"0.737210000","percentile":"0.994070000","score_date":"2026-06-22","updated_at":"2026-06-23 00:09:33"},"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2018-8120","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Windows Server 2008","version":{"version_data":[{"version_value":"32-bit Systems Service Pack 2"},{"version_value":"32-bit Systems Service Pack 2 (Server Core installation)"},{"version_value":"Itanium-Based Systems Service Pack 2"},{"version_value":"x64-based Systems Service Pack 2"},{"version_value":"x64-based Systems Service Pack 2 (Server Core installation)"}]}},{"product_name":"Windows 7","version":{"version_data":[{"version_value":"32-bit Systems Service Pack 1"},{"version_value":"x64-based Systems Service Pack 1"}]}},{"product_name":"Windows Server 2008 R2","version":{"version_data":[{"version_value":"Itanium-Based Systems Service Pack 1"},{"version_value":"x64-based Systems Service Pack 1"},{"version_value":"x64-based Systems Service Pack 1 (Server Core installation)"}]}}]},"vendor_name":"Microsoft"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of Privilege"}]}]},"references":{"reference_data":[{"name":"45653","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/45653/"},{"name":"1040849","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040849"},{"name":"104034","refsource":"BID","url":"http://www.securityfocus.com/bid/104034"},{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120"}]}},"nvd":{"publishedDate":"2018-05-09 19:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-404"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":1,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8120","Ordinal":"124475","Title":"CVE-2018-8120","CVE":"CVE-2018-8120","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8120","Ordinal":"1","NoteData":"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8120","Ordinal":"2","NoteData":"2018-05-09","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8120","Ordinal":"3","NoteData":"2018-10-24","Type":"Other","Title":"Modified"}]}}}