CVE-2018-8589

CVE Database · CVE-2018-8589

CVE-2018-8589

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

3.05%

Published

Nov 13, 2018

Modified

Oct 28, 2025

CISA Known Exploited Vulnerability

Added: 2022-05-23 · Due: 2022-06-13

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products (4)

microsoft · windows_7vulnerable

microsoft · windows_server_2008vulnerable

References (7)

http://www.securityfocus.com/bid/105796

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1042140

Broken LinkThird Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8589

PatchVendor Advisory

http://www.securityfocus.com/bid/105796

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1042140

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs