Vulnerability CVE-2017-0213

Vulnerability CVE-2017-0213

Published: 2017-05-12

Description:

Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Microsoft Windows COM Aggregate IRemUnknown2 Type Confusion Privilege Escalation	Google Security ...	18.05.2017

Type:

CWE-noinfo

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
1.9/10	2.9/10	3.4/10

Exploit range	Attack complexity	Authentication
Local	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Microsoft -> Windows 10
Microsoft -> Windows rt 8.1
Microsoft -> Windows server 2016
Microsoft -> Windows server 2008
Microsoft -> Windows 8.1
Microsoft -> Windows server 2012
Microsoft -> Windows 7

References:

http://www.securityfocus.com/bid/98102

http://www.securitytracker.com/id/1038457

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213

https://www.exploit-db.com/exploits/42020/

Copyright 2024, cxsecurity.com