Lucene search

K
cveMicrosoftCVE-2017-0025
HistoryMar 17, 2017 - 12:59 a.m.

CVE-2017-0025

2017-03-1700:59:00
microsoft
web.nvd.nist.gov
81
In Wild
cve-2017-0025
kernel-mode
driver
privilege escalation
windows
vulnerability
win32k
elevation of privilege
nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

48.2%

The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047.

Affected configurations

Nvd
Vulners
Node
microsoftwindows_10Match-
OR
microsoftwindows_10Match1511
OR
microsoftwindows_10Match1607
OR
microsoftwindows_7sp1
OR
microsoftwindows_8.1
OR
microsoftwindows_rt_8.1
OR
microsoftwindows_server_2008sp2
OR
microsoftwindows_server_2008Matchr2sp1
OR
microsoftwindows_server_2012Match-
OR
microsoftwindows_server_2012Matchr2
OR
microsoftwindows_server_2016
OR
microsoftwindows_vistasp2
VendorProductVersionCPE
microsoftwindows_10-cpe:/o:microsoft:windows_10:-:::
microsoftwindows_7cpe:/o:microsoft:windows_7::sp1::
microsoftwindows_vistacpe:/o:microsoft:windows_vista::sp2::
microsoftwindows_101607cpe:/o:microsoft:windows_10:1607:::
microsoftwindows_server_2012-cpe:/o:microsoft:windows_server_2012:-:::
microsoftwindows_rt_8.1cpe:/o:microsoft:windows_rt_8.1::::
microsoftwindows_server_2012r2cpe:/o:microsoft:windows_server_2012:r2:::
microsoftwindows_server_2008cpe:/o:microsoft:windows_server_2008::sp2::
microsoftwindows_server_2016cpe:/o:microsoft:windows_server_2016::::
microsoftwindows_server_2008r2cpe:/o:microsoft:windows_server_2008:r2:sp1::
Rows per page:
1-10 of 121

CNA Affected

[
  {
    "product": "Windows GDI",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016"
      }
    ]
  }
]

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

48.2%