{"api_version":"1","generated_at":"2026-07-11T06:09:33+00:00","cve":"CVE-2018-8422","urls":{"html":"https://cve.report/CVE-2018-8422","api":"https://cve.report/api/cve/CVE-2018-8422.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8422","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8422"},"summary":{"title":"CVE-2018-8422","description":"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \"Windows GDI Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8424.","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2018-09-13 00:29:00","updated_at":"2018-11-25 14:24:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/105357","name":"105357","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Windows GDI Component CVE-2018-8422 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8422","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8422","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8422","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8422","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8422","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_7","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8422","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_7","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8422","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server","cpe6":"2008","cpe7":"r2","cpe8":"sp1","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"itanium","cpe13":"*"},{"cve_year":"2018","cve_id":"8422","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server","cpe6":"2008","cpe7":"r2","cpe8":"sp1","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2018","cve_id":"8422","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server","cpe6":"2008","cpe7":"r2","cpe8":"sp1","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"itanium","cpe13":"*"},{"cve_year":"2018","cve_id":"8422","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server","cpe6":"2008","cpe7":"r2","cpe8":"sp1","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2018-8422","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Windows 7","version":{"version_data":[{"version_value":"32-bit Systems Service Pack 1"},{"version_value":"x64-based Systems Service Pack 1"}]}},{"product_name":"Windows Server 2008 R2","version":{"version_data":[{"version_value":"Itanium-Based Systems Service Pack 1"},{"version_value":"x64-based Systems Service Pack 1"},{"version_value":"x64-based Systems Service Pack 1 (Server Core installation)"}]}}]},"vendor_name":"Microsoft"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \"Windows GDI Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8424."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Disclosure"}]}]},"references":{"reference_data":[{"name":"105357","refsource":"BID","url":"http://www.securityfocus.com/bid/105357"},{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8422","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8422"}]}},"nvd":{"publishedDate":"2018-09-13 00:29:00","lastModifiedDate":"2018-11-25 14:24:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server:2008:r2:sp1:*:*:*:itanium:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server:2008:r2:sp1:*:*:*:x64:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8422","Ordinal":"124777","Title":"CVE-2018-8422","CVE":"CVE-2018-8422","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8422","Ordinal":"1","NoteData":"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \"Windows GDI Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8424.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8422","Ordinal":"2","NoteData":"2018-09-12","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8422","Ordinal":"3","NoteData":"2018-09-20","Type":"Other","Title":"Modified"}]}}}