module

Windows NtUserSetWindowFNID Win32k User Callback

Disclosed	Created
2018-10-09	2019-07-15

Disclosed

2018-10-09

Created

2019-07-15

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability."
This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows
Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2,
Windows 10, Windows 10 Servers.
This module is tested against Windows 10 v1703 x86.

Authors

ze0r
Kaspersky Lab
Jacob Robles

Platform

Windows

Architectures

x86

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/windows/local/cve_2018_8453_win32k_priv_esc
    msf exploit(cve_2018_8453_win32k_priv_esc) > show targets
        ...targets...
    msf exploit(cve_2018_8453_win32k_priv_esc) > set TARGET < target-id >
    msf exploit(cve_2018_8453_win32k_priv_esc) > show options
        ...show and set options...
    msf exploit(cve_2018_8453_win32k_priv_esc) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today