{"api_version":"1","generated_at":"2026-06-20T19:50:09+00:00","cve":"CVE-2018-8170","urls":{"html":"https://cve.report/CVE-2018-8170","api":"https://cve.report/api/cve/CVE-2018-8170.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8170","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8170"},"summary":{"title":"CVE-2018-8170","description":"An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka \"Windows Image Elevation of Privilege Vulnerability.\" This affects Windows 10, Windows 10 Servers.","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2018-05-09 19:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-404"],"metrics":[],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8170","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8170","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104068","name":"104068","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Windows Kernel Image CVE-2018-8170 Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1040849","name":"1040849","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Windows Kernel Multiple Flaws Let Local Users Bypass Security Restictions, Obtain Potentially Sensitive Information, and Gain Elevated Privileges on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8170","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8170","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8170","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10","cpe6":"1703","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8170","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10","cpe6":"1709","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8170","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10","cpe6":"1703","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8170","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10","cpe6":"1709","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8170","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2016","cpe6":"1709","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8170","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2016","cpe6":"1709","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2018-8170","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Windows 10","version":{"version_data":[{"version_value":"Version 1703 for 32-bit Systems"},{"version_value":"Version 1703 for x64-based Systems"},{"version_value":"Version 1709 for 32-bit Systems"},{"version_value":"Version 1709 for x64-based Systems"}]}},{"product_name":"Windows 10 Servers","version":{"version_data":[{"version_value":"version 1709  (Server Core Installation)"}]}}]},"vendor_name":"Microsoft"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka \"Windows Image Elevation of Privilege Vulnerability.\" This affects Windows 10, Windows 10 Servers."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of Privilege"}]}]},"references":{"reference_data":[{"name":"1040849","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1040849"},{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8170","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8170"},{"name":"104068","refsource":"BID","url":"http://www.securityfocus.com/bid/104068"}]}},"nvd":{"publishedDate":"2018-05-09 19:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-404"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":1,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.4},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8170","Ordinal":"124525","Title":"CVE-2018-8170","CVE":"CVE-2018-8170","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8170","Ordinal":"1","NoteData":"An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka \"Windows Image Elevation of Privilege Vulnerability.\" This affects Windows 10, Windows 10 Servers.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8170","Ordinal":"2","NoteData":"2018-05-09","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8170","Ordinal":"3","NoteData":"2018-05-10","Type":"Other","Title":"Modified"}]}}}