What is CVE-2018-0952?

CVE-2018-0952 is a vulnerability in Microsoft Visual Studio. Published 2018-08-15.

Is CVE-2018-0952 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Visual Studio

CVE-2018-0952

An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2…

EPSS: 0.392 (97.4th percentile) — read the EPSS interpretation.

Affected products

Microsoft Visual Studio — versions 2017 Version 15.8, 2017, 2015 Update 3
Microsoft Windows 10 — versions x64-based Systems, Version 1607 for x64-based Systems, Version 1709 for x64-based Systems
Microsoft Windows 10 Servers — versions version 1803 (Server Core Installation), version 1709 (Server Core Installation)
Microsoft Windows Server 2016 — versions (Server Core installation)

Public proof-of-concept exploits

References

105048 (vdb-entry, x_refsource_BID)
45244 (exploit, x_refsource_EXPLOIT-DB)
1041466 (vdb-entry, x_refsource_SECTRACK)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-0952?: CVE-2018-0952 is a vulnerability in Microsoft Visual Studio. Published 2018-08-15.
Is CVE-2018-0952 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.