EDB-ID: 44915 CVE: 2018-8214 Author: GOOGLE SECURITY RESEARCH Type: DOS Platform: WINDOWS Date: 2018-06-20 Vulnerable App: Windows 1709 (not tested earlier version) Class: Elevation of Privilege Summary The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in EoP. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue. Description The Cache directory and sub files are now secured so only admins and system can access them. The original PoC doesn't fix the issue; Helium directory can be abused in the same way. The only real way to fix this issue would be to completely remove the opportunity to replace the registry cache files from a normal user. Proof of Concept Provided as a Cproject. Application: Get Office/My Office (version 17.8830.7600.0). The exploit creates the file in the system32 folder which is writable by a normal user. Link https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44915.zip