Elevation of Privilege Vulnerability in Windows Subsystem for Linux by Microsoft
CVE-2018-0743

7HIGH

Key Information:

Vendor
Microsoft
Status
Windows Subsystem For Linux
Vendor
CVE Published:
4 January 2018

Summary

An elevation of privilege vulnerability exists in the Windows Subsystem for Linux due to improper handling of objects in memory. An attacker who exploits this vulnerability could run arbitrary code with elevated privileges on the system. This type of attack requires that the user be logged in and could enable the attacker to gain control over the affected system, potentially compromising sensitive data.

Affected Version(s)

Windows Subsystem for Linux Windows 10 version 1703, Windows 10 version1709, and Windows Server, version 1709

References

http://www.securitytracker.com/id/1040094
vdb-entryx_refsource_SECTRACK
https://github.com/saaramar/execve_exploit
x_refsource_MISC
https://twitter.com/AmarSaar/status/948892321755598848
x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.