{ "id": "CVE-2018-8554", "sourceIdentifier": "secure@microsoft.com", "published": "2018-11-14T01:29:01.237", "lastModified": "2022-05-23T17:29:16.123", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka \"DirectX Elevation of Privilege Vulnerability.\" This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561." }, { "lang": "es", "value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando DirectX gestiona incorrectamente los objetos en la memoria. Esto tambi\u00e9n se conoce como \"DirectX Elevation of Privilege Vulnerability\". Esto afecta a Windows 10 Servers, Windows 10 y Windows Server 2019. El ID de este CVE es diferente de CVE-2018-8485 y CVE-2018-8561." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2 }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-404" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server:1803:*:*:*:*:*:*:*", "matchCriteriaId": "2E732950-9F4C-434F-92EF-C1421CA35ADF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/105811", "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1042135", "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8554", "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ] } ] }