Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mscveMicrosoftMS:CVE-2017-0211
HistoryApr 11, 2017 - 7:00 a.m.

Windows OLE Elevation of Privilege Vulnerability

2017-04-1107:00:00
Microsoft
msrc.microsoft.com
22

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.004

Percentile

73.1%

JSON

An elevation of privilege vulnerability exists in Microsoft Windows OLE when it fails an integrity-level check.

An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. The vulnerability by itself does not allow arbitrary code to be run, but can be used in conjunction with one or more vulnerabilities (e.g. another elevation of privilege or a remote code execution vulnerability) that could take advantage of the elevated privileges when running.

The update addresses the vulnerability by correcting how Microsoft OLE checks the integrity level of certain processes.

Related

symantec 1
cvelist 1
prion 1
zdt 1
nvd 1
cve 1
exploitdb 1
kaspersky 1
mskb 8
nessus 5
openvas 6
symantec
symantec
Microsoft Windows OLE CVE-2017-0211 Local Privilege Escalation Vulnerability
2017-04-11 00:00:00
cvelist
cvelist
CVE-2017-0211
2017-04-12 14:00:00
prion
prion
Privilege escalation
2017-04-12 14:59:00
zdt
zdt
Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation Exploit
2017-04-21 00:00:00
nvd
nvd
CVE-2017-0211
2017-04-12 14:59:01
cve
cve
CVE-2017-0211
2017-04-12 14:59:01
exploitdb
exploitdb
Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation
2017-04-20 00:00:00
kaspersky
kaspersky
KLA11059 Multiple vulnerabilities in Microsoft Windows
2017-04-11 00:00:00
mskb
mskb
April 11, 2017—KB4015548 (Security-only update)
2017-04-11 07:00:00
April 11, 2017—KB4015551 (Monthly Rollup)
2017-04-11 07:00:00
April 11, 2017—KB4015547 (Security-only update)
2017-04-11 07:00:00
nessus
nessus
Windows Server 2012 April 2017 Security Updates (Petya)
2017-04-11 00:00:00
KB4015217: Windows 10 1607 April 2017 Cumulative Update
2017-04-11 00:00:00
Windows 8.1 and Windows Server 2012 R2 April 2017 Security Updates
2017-04-12 00:00:00
openvas
openvas
Microsoft Windows Monthly Rollup (KB4015551)
2017-04-12 00:00:00
Microsoft Windows Monthly Rollup (KB4015550)
2017-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4015583)
2017-04-12 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.004

Percentile

73.1%

JSON
Related for MS:CVE-2017-0211
symantec1cvelist1prion1zdt1nvd1cve1exploitdb1kaspersky1mskb8nessus5openvas6