CVE-2018-8202

EUVD-2018-19871
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5.1
microsoft.net_framework
4.5.2
microsoft.net_framework
4.6
microsoft.net_framework
4.6.2
microsoft.net_framework
4.7
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
microsoft.net_framework
4.6
microsoft.net_framework
4.6.1
microsoft.net_framework
4.6.2
microsoft.net_framework
4.6
microsoft.net_framework
4.6.1
microsoft.net_framework
4.6.2
microsoft.net_framework
4.7
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
microsoft.net_framework
4.7.2
microsoft.net_framework
4.7
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4345455
1607 (x64, x86)
KB4346877
1703 (x64, x86)
KB4345419
1709 (x64, x86)
KB4345420
1803 (x64, x86)
KB4345421
Windows 7
Service Pack 1 (x64, x86)
KB4344177
Service Pack 1 (x64, x86)
KB4344173
Service Pack 1 (x64, x86)
KB4344167
Windows 8.1
(x64, x86)
KB4344178
(x64, x86)
KB4344147
(x64, x86)
KB4344171
(x64, x86)
KB4344145
(x64, x86)
KB4344166
Windows RT 8.1
All
KB4344147
All
KB4344145
Windows Server
1709 Server Core
KB4345420
1803 Server Core
KB4345421
Windows Server 2008
Service Pack 2 (x64, x86)
KB4344176
Service Pack 2 (x64, x86)
KB4338606
Service Pack 2 (x64, x86)
KB4344173
Windows Server 2008 R2
Service Pack 1 (x64)
KB4344177
Service Pack 1 (x64)
KB4344173
Service Pack 1 (x64)
KB4344167
Service Pack 1 Server Core (x64)
KB4344177
Service Pack 1 Server Core (x64)
KB4344173
Service Pack 1 Server Core (x64)
KB4344167
Windows Server 2012
Server Core
KB4344175
Server Core
KB4344172
Server Core
KB4344165
Standard
KB4344175
Standard
KB4344172
Standard
KB4344165
Windows Server 2012 R2
Server Core
KB4344178
Server Core
KB4344147
Server Core
KB4344171
Server Core
KB4344145
Server Core
KB4344166
Standard
KB4344178
Standard
KB4344147
Standard
KB4344171
Standard
KB4344145
Standard
KB4344166
Windows Server 2016
Server Core
KB4346877
Standard
KB4346877
References
http://www.securityfocus.com/bid/104665
http://www.securitytracker.com/id/1041257
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202
http://www.securityfocus.com/bid/104665
http://www.securitytracker.com/id/1041257
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202