Privilege escalation in Microsoft Windows Installer

Published: 2018-08-14 23:15:07
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-8339
Exploitation vector Local
Public exploit N/A
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 8.1
Windows 7
Windows 10
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2008
Windows Server 2008 R2
Windows Server 2016
Vendor URL Microsoft

Security Advisory

1) Privilege escalation


The vulnerability allows a local attacker to gain elevated privileges.

The vulnerability exists due to insecure .dll loading mechanism when opening files. A local attacker can place a file along with specially crafted .dll file on a remote SBM or WebDAV share and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


Install updates from vendor's website.

External links

Back to List