Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2017-0211
HistoryApr 12, 2017 - 2:59 p.m.

CVE-2017-0211

2017-04-1214:59:01
CWE-610
microsoft
web.nvd.nist.gov
110
4
windows
ole
vulnerability
elevation of privilege
nvd
cve-2017-0211

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka “Windows OLE Elevation of Privilege Vulnerability.”

Affected configurations

Nvd
Vulners
Node
microsoftwindows_10
OR
microsoftwindows_10Match1511
OR
microsoftwindows_10Match1607
OR
microsoftwindows_10Match1703
OR
microsoftwindows_8.1
OR
microsoftwindows_rt_8.1
OR
microsoftwindows_server_2012
OR
microsoftwindows_server_2012Matchr2
OR
microsoftwindows_server_2016
VendorProductVersionCPE
microsoftwindows_10*cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
microsoftwindows_101511cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
microsoftwindows_101703cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
microsoftwindows_8.1*cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
microsoftwindows_rt_8.1*cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
microsoftwindows_server_2012*cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
microsoftwindows_server_2012r2cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
microsoftwindows_server_2016*cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Windows OLE",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016"
      }
    ]
  }
]

Social References

More

Related

prion 1
zdt 1
nvd 1
mscve 1
exploitdb 1
symantec 1
cvelist 1
kaspersky 1
mskb 8
nessus 5
openvas 6
prion
prion
Privilege escalation
2017-04-12 14:59:00
zdt
zdt
Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation Exploit
2017-04-21 00:00:00
nvd
nvd
CVE-2017-0211
2017-04-12 14:59:01
mscve
mscve
Windows OLE Elevation of Privilege Vulnerability
2017-04-11 07:00:00
exploitdb
exploitdb
Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation
2017-04-20 00:00:00
symantec
symantec
Microsoft Windows OLE CVE-2017-0211 Local Privilege Escalation Vulnerability
2017-04-11 00:00:00
cvelist
cvelist
CVE-2017-0211
2017-04-12 14:00:00
kaspersky
kaspersky
KLA11059 Multiple vulnerabilities in Microsoft Windows
2017-04-11 00:00:00
mskb
mskb
April 11, 2017—KB4015548 (Security-only update)
2017-04-11 07:00:00
April 11, 2017—KB4015551 (Monthly Rollup)
2017-04-11 07:00:00
April 11, 2017—KB4015547 (Security-only update)
2017-04-11 07:00:00
nessus
nessus
Windows Server 2012 April 2017 Security Updates (Petya)
2017-04-11 00:00:00
KB4015217: Windows 10 1607 April 2017 Cumulative Update
2017-04-11 00:00:00
Windows 8.1 and Windows Server 2012 R2 April 2017 Security Updates
2017-04-12 00:00:00
openvas
openvas
Microsoft Windows Monthly Rollup (KB4015551)
2017-04-12 00:00:00
Microsoft Windows Monthly Rollup (KB4015550)
2017-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4015583)
2017-04-12 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON
Related for CVE-2017-0211
prion1zdt1nvd1mscve1exploitdb1symantec1cvelist1kaspersky1mskb8nessus5openvas6