CVE-2018-0745 - Vulnerability Details - OpenCVE

The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 10 Windows Server 2016

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_10:1703:::::::*
	cpe:2.3:o:microsoft:windows_10:1709:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:1709:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102353
http://www.securitytracker.com/id/1040097
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745
https://www.exploit-db.com/exploits/43470/

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2018-01-04T14:00:00Z

Updated: 2024-09-16T23:06:09.120Z

Reserved: 2017-12-01T00:00:00

Link: CVE-2018-0745

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-01-04T14:29:00.363

Modified: 2024-11-21T03:38:51.700

Link: CVE-2018-0745

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Windows kernel", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709"}]}], "datePublic": "2018-01-03T00:00:00", "descriptions": [{"lang": "en", "value": "The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-11T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1040097", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040097"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745"}, {"name": "102353", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102353"}, {"name": "43470", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43470/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2018-01-03T00:00:00", "ID": "CVE-2018-0745", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Windows kernel", "version": {"version_data": [{"version_value": "Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "1040097", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040097"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745"}, {"name": "102353", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102353"}, {"name": "43470", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43470/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:35:49.268Z"}, "title": "CVE Program Container", "references": [{"name": "1040097", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040097"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745"}, {"name": "102353", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102353"}, {"name": "43470", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/43470/"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-0745", "datePublished": "2018-01-04T14:00:00Z", "dateReserved": "2017-12-01T00:00:00", "dateUpdated": "2024-09-16T23:06:09.120Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "matchCriteriaId": "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka \"Windows Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747."}, {"lang": "es", "value": "El kernel de Windows en Windows 10 en su versi\u00f3n 1703, Windows 10 en su versi\u00f3n 1709 y Windows Server en su versi\u00f3n 1709 permite una vulnerabilidad de revelaci\u00f3n de informaci\u00f3n por la manera en la que se gestionan los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \"Windows Information Disclosure Vulnerability\". El ID de este CVE es diferente de CVE-2018-0746 y CVE-2018-0747."}], "id": "CVE-2018-0745", "lastModified": "2024-11-21T03:38:51.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-04T14:29:00.363", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102353"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040097"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43470/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102353"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040097"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43470/"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}