Vulnerability CVE-2017-8493


Published: 2017-06-14   Modified: 2017-06-15

Description:
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability".

Type:

CWE-178

(Improper Handling of Case Sensitivity)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Microsoft -> Windows rt 8.1 
Microsoft -> Windows server 2012 
Microsoft -> Windows server 2016 
Microsoft -> Windows 10 
Microsoft -> Windows 8.1 

 References:
http://www.securityfocus.com/bid/98850
http://www.securitytracker.com/id/1038671
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8493

Copyright 2024, cxsecurity.com

 

Back to Top